MySQL COM_CHANGE_USER功能口令认证缺陷漏洞

漏洞信息详情

MySQL COM_CHANGE_USER功能口令认证缺陷漏洞

• CNNVD编号：CNNVD-200212-053
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1374
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2002-12-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2019-10-24
  
• 厂        商：
  
  symantec_veritas
• 漏洞来源：
  Stefan Esser※ s.es…

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。

MySQL的密码验证机制存在缺陷，本地或远程攻击者可能利用这个漏洞以其他数据库帐号访问数据库，因为可以劫持数据库root用户帐号，所以攻击者可能完全控制数据库，结合系统的其他配置问题(比如有可写的CGI目录，或MySQL本身以root用户启动)，可能对操作系统本身造成进一步危害。此漏洞本身并不是新发现的，而是对老漏洞的修补不彻底所致。在2000年02月，Robert van der Meulen发现MySQL系统中的密码验证系统存在一个缺陷(BUGTRAQ_ID：975 )，MySQL挑战应答算法在检查HASH后的口令时根据客户端提供的应答长度来定，因此如果客户端发送只有一个字符的应答，MySQL会只检查一个字节，因为MySQL实现的HASH算法每个HASH后的字符只有32种可能，这意味着最多只要尝试32次就可以给予服务端正确的应答。修正这个错误的时候，MySQL项目组只简单在服务端接受数据库登录连接的代码中加入了检查HASH后的口令长度必须为8个字节，但是却没有对COM_CHANGE_USER命令的处理过程中加入这个检查。因此攻击者使用合法的MySQL帐户仍旧可以尝试多次未授权访问数据库。本地用户意味着可以利用mysql root帐户控制所有数据库。

厂商补丁：

Conectiva

———

Conectiva已经为此发布了一个安全公告(CLA-2002:555)以及相应补丁:

CLA-2002:555：MySQL

链接：
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000555” target=”_blank”>

http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000555

补丁下载：

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-bench-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-client-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-static-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-doc-3.23.36-14U60_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/MySQL-3.23.36-14U60_3cl.src.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.36-14U70_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/MySQL-3.23.36-14U70_3cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.46-4U80_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/MySQL-3.23.46-4U80_2cl.src.rpm

Debian

——

Debian已经为此发布了一个安全公告(DSA-212-1)以及相应补丁:

DSA-212-1：Multiple MySQL vulnerabilities

链接：
http://www.debian.org/security/2002/dsa-212” target=”_blank”>

http://www.debian.org/security/2002/dsa-212

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.dsc” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.dsc

Size/MD5 checksum: 1305 26482e7b5f51fe036c9270043877483a

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz

Size/MD5 checksum: 4296259 e3d9cb3038a2e4378c9c0f4f9d8c2d58

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.diff.gz” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.diff.gz

Size/MD5 checksum: 84166 79faf5c0f1e6ab6c4c3b7511f9cc1e71

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.3_all.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.3_all.deb

Size/MD5 checksum: 1687018 e3d348a98e08bbff4085215356c5dcc7

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_alpha.deb

Size/MD5 checksum: 790098 2d103be33a041fa8af05a6d1a8fae1fc

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb

Size/MD5 checksum: 99516 c3803f9e8e090bc9755cc8502f7dd860

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_arm.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_arm.deb

Size/MD5 checksum: 603710 028266a7c4c99365a8fe715fda7635b9

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb

Size/MD5 checksum: 87190 0f6e1c53dd71bd45ec0bfc7bdd3e92c3

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_i386.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_i386.deb

Size/MD5 checksum: 585150 54c0e5b9aa43a2d4fd2137f22851243a

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb

Size/MD5 checksum: 86768 fe2974d4fc341c7fc5c3866636a49676

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_m68k.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_m68k.deb

Size/MD5 checksum: 554888 5d636134e003bdd33f6dd74e60ca6570

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb” target=”_blank”>

http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb

Size/MD5 checksum: 84534 47f6aa149c3b872722b5357bb962c0a7

powerpc architecture (PowerPC)

http://security.debian.org/

链接:http://www.securityfocus.com/advisories/5269

来源:GENTOO

链接:http://marc.info/?l=bugtraq&m=104004857201968&w=2

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2002-288.html

来源:ENGARDE

链接:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html

来源:MANDRAKE

链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087

来源:TRUSTIX

链接:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt

来源:SUSE

链接:http://www.novell.com/linux/security/advisories/2003_003_mysql.html

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=104005886114500&w=2

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2003-166.html

来源:CONECTIVA

链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=103971644013961&w=2

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/10847

来源:DEBIAN

链接:https://www.debian.org/security/2002/dsa-212

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2002-289.html

来源:BID

链接:https://www.securityfocus.com/bid/6373

来源:MISC

链接:http://security.e-matters.de/advisories/042002.html