Oracle MySQL 安全漏洞

漏洞信息详情

Oracle MySQL 安全漏洞

• CNNVD编号：CNNVD-200302-026
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0073
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2003-02-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2019-10-24
  
• 厂        商：
  
  mysql
• 漏洞来源：
  MySQL

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。

MySQL 3.23.55之前版本在处理mysql_change_user()函数时存在设计问题，远程攻击者可以利用这个漏洞使mysqld崩溃。mysql_change_user()函数中存在设计问题，造成对同一内存释放两次，更改MySQL客户端并利用这个漏洞可导致mysqld崩溃。不过这个漏洞的利用需要使用合法用户帐户登录服务程序来进行触发。

厂商补丁：

MandrakeSoft

————

MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:013)以及相应补丁:

MDKSA-2003:013：Updated MySQL packages fix DoS vulnerability

链接：
http://www.linux-mandrake.com/en/security/2003/MDKSA-2003-013.php” target=”_blank”>

http://www.linux-mandrake.com/en/security/2003/MDKSA-2003-013.php

补丁下载：

Updated Packages:

Linux-Mandrake 7.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-3.23.31-1.4mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-bench-3.23.31-1.4mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-client-3.23.31-1.4mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-devel-3.23.31-1.4mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-shared-3.23.31-1.4mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/MySQL-3.23.31-1.4mdk.src.rpm

Mandrake Linux 8.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-3.23.36-2.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-bench-3.23.36-2.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-client-3.23.36-2.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-devel-3.23.36-2.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-shared-3.23.36-2.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/MySQL-3.23.36-2.3mdk.src.rpm

Mandrake Linux 8.0/PPC:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-3.23.36-2.3mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-bench-3.23.36-2.3mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-client-3.23.36-2.3mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-devel-3.23.36-2.3mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-shared-3.23.36-2.3mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/MySQL-3.23.36-2.3mdk.src.rpm

Mandrake Linux 8.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-3.23.41-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-bench-3.23.41-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-client-3.23.41-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-devel-3.23.41-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-shared-3.23.41-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/MySQL-3.23.41-5.3mdk.src.rpm

Mandrake Linux 8.1/IA64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-3.23.41-5.3mdk.ia64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-bench-3.23.41-5.3mdk.ia64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-client-3.23.41-5.3mdk.ia64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-devel-3.23.41-5.3mdk.ia64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-shared-3.23.41-5.3mdk.ia64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/MySQL-3.23.41-5.3mdk.src.rpm

Mandrake Linux 8.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmysql10-3.23.47-5.3mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmysql10-devel-3.23.47-5.3mdk.i

链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013

来源:BID

链接:https://www.securityfocus.com/bid/6718

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436

来源:XF

链接:http://www.iss.net/security_center/static/11199.php

来源:DEBIAN

链接:https://www.debian.org/security/2003/dsa-303

来源:CONECTIVA

链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743

来源:ENGARDE

链接:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2003-094.html

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2003-166.html

来源:CONFIRM

链接:http://www.mysql.com/doc/en/News-3.23.55.html

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=104385719107879&w=2

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2003-093.html