绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

MySQL Server权限提升及拒绝服务漏洞

发布日期：2007-11-30
更新日期：2007-12-14

受影响系统：

MySQL AB MySQL 6.0.x
MySQL AB MySQL 5.1.x
MySQL AB MySQL 5.0.x

不受影响系统：

MySQL AB MySQL 6.0.4
MySQL AB MySQL 5.1.23
MySQL AB MySQL 5.0.52

描述：

BUGTRAQ  ID: 26832
CVE(CAN) ID: CVE-2007-6303,CVE-2007-6304

MySQL是一款使用非常广泛的开放源代码关系数据库系统，拥有各种平台的运行版本。

在视图已经更改时MySQL没有更新视图的DEFINER值，这允许已认证的远程攻击者通过一系列的CREATE SQL SECURITY DEFINER VIEW和ALTER VIEW语句获得权限提升。

MySQL的federated引擎在执行某些SHOW TABLE STATUS查询时没有正确地处理少量列数的响应，如果响应缺少必须的最少列数的话，就可能导致远程MySQL服务器崩溃。

<*来源：Philip Stoev
        Martin Friebe

  链接：http://bugs.mysql.com/bug.php?id=29908
        http://bugs.mysql.com/bug.php?id=29801
        http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html
        http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
        http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html
        http://www.debian.org/security/2008/dsa-1451
*>

建议：

临时解决方法：

* 使用mysql_num_fields()判断查询是否返回了预期的列数。

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1451-1）以及相应补丁:
DSA-1451-1：New mysql-dfsg-5.0 packages fix several
链接：http://www.debian.org/security/2008/dsa-1451

补丁下载：
Source archives:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.dsc
Size/MD5 checksum:     1117 b448b40bc145106d8966508c9fa0c45b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.diff.gz
Size/MD5 checksum:   161485 31b9376a42bca78d5ac7fda259aff1ca
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch4_all.deb
Size/MD5 checksum:    45454 45ff1308d626044f160a0b3fe89c9a34
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch4_all.deb
Size/MD5 checksum:    47532 d23b1ed2a3fd2ba381dd200c11c86b31
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch4_all.deb
Size/MD5 checksum:    53798 517bf124cde29920eb3b24a5adbf435d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_alpha.deb
Size/MD5 checksum:  8912516 3983707301e692ba4ee6566f421c173e
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_alpha.deb
Size/MD5 checksum:  1949958 16c2af9a5dd3f4fd0b67a0bb9d268c13
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_alpha.deb
Size/MD5 checksum:    47574 7f993fb934a3d889eca00ad7458d201b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_alpha.deb
Size/MD5 checksum:  8407960 17c00a7f8e950efb3cf4e83c63f8efa6
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_alpha.deb
Size/MD5 checksum: 27367792 ed5ec8d7ef2b8476d5271b53a4d20931

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_amd64.deb
Size/MD5 checksum:  7375976 01018314a32846aeabd3feed31b22135
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_amd64.deb
Size/MD5 checksum:  1829734 42ab75fdb7d1534041d17e6b74dfb5dc
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_amd64.deb
Size/MD5 checksum:    47548 6a16b6f6d8b12a924c804e859acd99a0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_amd64.deb
Size/MD5 checksum: 25939478 8e23c2e305c1f374074a568f3b84dbd3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_amd64.deb
Size/MD5 checksum:  7546720 9d184ca3dd41066d55f11a9ab2c75e11

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_arm.deb
Size/MD5 checksum:  6928896 28be799c6790473b69d312b78b5cbeb6
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_arm.deb
Size/MD5 checksum:  1747492 6a3557a1b84ef68463aa172952c42db3
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_arm.deb
Size/MD5 checksum:    47584 3322d9cfd5e3defbc71985e08fce07ab
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_arm.deb
Size/MD5 checksum:  7204274 f158e1a4da87a26b0d0dd2fd1ee0702f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_arm.deb
Size/MD5 checksum: 25345778 1994637d98c3fe0847a0b319f92a58d8

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_hppa.deb
Size/MD5 checksum:  1920058 b2999058fa46d18e576cf44cccffbc0a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_hppa.deb
Size/MD5 checksum:    47550 2ac205e164e6f4a21982b98482b6ec70
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_hppa.deb
Size/MD5 checksum:  8004732 50a77fe7efc50639fb79f5c220a9f3c2
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_hppa.deb
Size/MD5 checksum: 27055306 6efd1c4ffe384cfe9824f90a2e7635b9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_hppa.deb
Size/MD5 checksum:  8045346 1f7c6279b669a1513afcffb1c3c9820b

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_i386.deb
Size/MD5 checksum:  6967518 90e037769d009b66b6646e2bd642243b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_i386.deb
Size/MD5 checksum:  7190322 6c04a633ab66eb1db06a455eeb373e18
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_i386.deb
Size/MD5 checksum:    47556 badcb9d2aee69d6d8b71cea1d06567e1
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_i386.deb
Size/MD5 checksum:  1791490 f12450ac3d0cc9dbaa35d59b85a83180
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_i386.deb
Size/MD5 checksum: 25229424 4e3a500d94d752e4f9d3e446d39ae88b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_ia64.deb
Size/MD5 checksum: 30408484 ba2c4576d79e420139032395137be316
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_ia64.deb
Size/MD5 checksum:  2114788 2744d8310d333a15fd5ed2cca82cdf02
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_ia64.deb
Size/MD5 checksum:    47548 03c625c1d32fae4a5afc74a59bc3d0dd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_ia64.deb
Size/MD5 checksum: 10341340 99101f3b7ae403da7dfde8d113683455
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_ia64.deb
Size/MD5 checksum:  9736582 2fc103b7beb1ae8c0fa8e035ecb938fa

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mips.deb
Size/MD5 checksum:  1835278 5538a105c6cd230b83d3f87ab3bd80bd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mips.deb
Size/MD5 checksum: 26339182 742476c64082de4d6fe36a649f5e6b2a
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mips.deb
Size/MD5 checksum:    47552 3332a7b97502a686f1100baa6efe1839
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mips.deb
Size/MD5 checksum:  7655706 926e3f17e24bffa92251ab72a5059bcf
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mips.deb
Size/MD5 checksum:  7748160 85dee0ad842d92b13f1c825698f8f24b

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mipsel.deb
Size/MD5 checksum:  1788990 d7f4c92c38975ba941f5c99fb5465e52
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mipsel.deb
Size/MD5 checksum:  7560122 4880263fde3bee027a64e73c3393b64c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mipsel.deb
Size/MD5 checksum:    47552 a687e4ca58c343c338ee95e2e3e88c24
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mipsel.deb
Size/MD5 checksum: 25844698 60de7a718cc33de8d1af0e4efffe9e5d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mipsel.deb
Size/MD5 checksum:  7639674 46049fa456a0b401ccec2a81c5587212

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_powerpc.deb
Size/MD5 checksum: 26163868 af7b2215ce8821b3ed5f05435492e5f4
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_powerpc.deb
Size/MD5 checksum:    47554 086bce94d2993e7943c995bf1fa097fc
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_powerpc.deb
Size/MD5 checksum:  1832116 dbfda8d56ffb5a988b6a01eb093e3d57
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_powerpc.deb
Size/MD5 checksum:  7572800 44021e7ee4f7ceb2bd5f4684a90798dc
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_powerpc.deb
Size/MD5 checksum:  7511456 da087cf4d448baec46b5057e9bbd8e0f

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_s390.deb
Size/MD5 checksum: 26763368 031740301ad6f5e15876fbb959a2f937
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_s390.deb
Size/MD5 checksum:  7412974 0e9611acc3d3ad40ecf2cef21daa35f7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_s390.deb
Size/MD5 checksum:  7507600 fc97e1f896237b8a6150e520d9ab21fd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_s390.deb
Size/MD5 checksum:    47552 67c7c6cf8236017b8c1cbe134f96ec27
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_s390.deb
Size/MD5 checksum:  1951428 54c2d83136aa5de7c4aaae7c814817d5

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_sparc.deb
Size/MD5 checksum:  1797188 668c5eb76297d82fa52df320e89f39c7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_sparc.deb
Size/MD5 checksum: 25424640 da894b39ece9c2b0143724a2571207a7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_sparc.deb
Size/MD5 checksum:  7152702 311913d32eadfa52c494fe4bbe748cb6
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_sparc.deb
Size/MD5 checksum:    47550 dcd7f1dbbc566ac28e5abd94978b603c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_sparc.deb
Size/MD5 checksum:  7013012 2b3ac8be159f956779af823761d72262

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update

   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

MySQL AB
--------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.mysql.com/

浏览次数：4602
严重程度：0（网友投票）

本安全漏洞由绿盟科技翻译整理，版权所有，未经许可，不得转载
绿盟科技给您安全的保障

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客