安全研究
安全漏洞
MySQL MyISAM表绕过权限检查漏洞
发布日期:2008-05-08
更新日期:2008-05-09
受影响系统:
MySQL AB MySQL 5.0不受影响系统:
MySQL AB MySQL 4.x
MySQL AB MySQL 5.0.60 [MRU]描述:
MySQL AB MySQL 4.1.24
BUGTRAQ ID: 29106
CVE(CAN) ID: CVE-2008-2079
MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。
当用户在MySQL数据库中以以下选项创建MyISAM表时:
CREATE TABLE ( ) DATA DIRECTORY ... INDEX DIRECTORY ...
就可能覆盖MySQL数据目录中的已有表格文件,绕过权限检查在其他数据库中创建表格。
<*来源:Sergei Golubchik
链接:http://secunia.com/advisories/30134/
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
http://bugs.mysql.com/bug.php?id=32167
http://www.debian.org/security/2008/dsa-1608
https://www.redhat.com/support/errata/RHSA-2009-1289.html
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
test> create table t1 (a int) data directory '/MySQL/var/mysql', index directory
'/MySQL/var/mysql';
root> flush tables;
root> create table t1 (a int);
root> insert t1 values (1),(2),(3);
root> flush tables;
test> select * from t1;
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1608-1)以及相应补丁:
DSA-1608-1:New mysql-dfsg-5.0 packages fix authorization bypass
链接:http://www.debian.org/security/2008/dsa-1608
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.diff.gz
Size/MD5 checksum: 266482 42faf9d31d5bf1674d5b241ff49341cf
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.dsc
Size/MD5 checksum: 1117 367176f5e877cf3c46c662b87275f901
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch6_all.deb
Size/MD5 checksum: 45888 48a61918f72d865970ef48bc4eeb3466
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch6_all.deb
Size/MD5 checksum: 54220 72f5ee84fa60b0871600fbe5fd4f5a74
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch6_all.deb
Size/MD5 checksum: 47968 e8a2d9a5f13043c67a3d9ba4caa57a3c
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_alpha.deb
Size/MD5 checksum: 1947356 1cd753a88978d41452bffc772323eb83
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_alpha.deb
Size/MD5 checksum: 8909108 61b392dc0be2b82c3e6a5657ad06fca8
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_alpha.deb
Size/MD5 checksum: 27381852 9e9fc87afceae3cb7c157369843a30ad
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_alpha.deb
Size/MD5 checksum: 47992 8798c205394f39c843df143db2ba37af
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_alpha.deb
Size/MD5 checksum: 8405314 f52f8049cb3080bca02eeba5c2e14a1d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_amd64.deb
Size/MD5 checksum: 47990 3662d9f51257c5fc57e7a20b90a6f33d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_amd64.deb
Size/MD5 checksum: 7371044 0fd9eb3504a9958b1f709a48649b41c0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_amd64.deb
Size/MD5 checksum: 25815708 3fd278cba985110a578fc8d5bc76f8e9
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_amd64.deb
Size/MD5 checksum: 1830958 6cc454236571032d4c723a4084cae535
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_amd64.deb
Size/MD5 checksum: 7548576 ce08e3855077d14ddf73d70362faaaf1
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_arm.deb
Size/MD5 checksum: 1748158 271c0b333e4404ac1a3230e13e182c70
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_arm.deb
Size/MD5 checksum: 6930330 70477965987251fa25ace71df5c200f7
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_arm.deb
Size/MD5 checksum: 25345976 f7908a64856451893285ebaebb4f6125
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_arm.deb
Size/MD5 checksum: 48034 90284b682bc77e4401c216f3f49d8995
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_arm.deb
Size/MD5 checksum: 7205572 7ebe1cb99dbb00a4db7ee387c2533a44
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_hppa.deb
Size/MD5 checksum: 8054566 6ed6093c2dae6999126eacf5309e4474
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_hppa.deb
Size/MD5 checksum: 47990 688427cc2115f9260546013364aca60b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_hppa.deb
Size/MD5 checksum: 1922788 5645332118ae75b274e760c448150f1b
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_hppa.deb
Size/MD5 checksum: 27172760 bc2bfe60a4ff106fade4da459e07a5eb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_hppa.deb
Size/MD5 checksum: 8004968 53ba9f2f9c169765ad97900efb5f9c1a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_i386.deb
Size/MD5 checksum: 1792338 2bfed729400306f35a68d210af5a6666
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_i386.deb
Size/MD5 checksum: 7198430 0c542cde542474c58468b52f97890ec2
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_i386.deb
Size/MD5 checksum: 6959158 2c879cabd32fec019ebbf110b43c9e62
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_i386.deb
Size/MD5 checksum: 47990 ba04b03ff5cfb960c9a7b461fe879928
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_i386.deb
Size/MD5 checksum: 25225784 2382d6a8f5e57dc84060b51116b03833
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_ia64.deb
Size/MD5 checksum: 2115542 0bb8b1f251231f14bfa27f0138f01a5d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_ia64.deb
Size/MD5 checksum: 9737938 41806cfb4504905e6be20f3047aefdf0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_ia64.deb
Size/MD5 checksum: 30409676 b6f620c479e5d2a1aa9f9e20e5382849
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_ia64.deb
Size/MD5 checksum: 47992 a6d309557d081dc76b60c359977cf805
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_ia64.deb
Size/MD5 checksum: 10342514 25e2a3dbf910557ed1899ef1dce83cd8
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mips.deb
Size/MD5 checksum: 48020 7192dc50d43ca3d5710bfe2501fd0ee1
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mips.deb
Size/MD5 checksum: 26471616 c8f937742bb947ed1994ee4bfb59f4ea
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mips.deb
Size/MD5 checksum: 1835022 b6d0c5c0eb384329ec2678b43380d8fb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mips.deb
Size/MD5 checksum: 7759368 7121a9cfcdbf26a89fc95e00113a20fb
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mips.deb
Size/MD5 checksum: 7672846 5fbe3662bc253bda3ccf62c8c78d7cf4
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mipsel.deb
Size/MD5 checksum: 7641076 937625ccc622b46c4c6a5cffeda033ec
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mipsel.deb
Size/MD5 checksum: 1789730 90d351c1551367cc5e77d008236402cd
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mipsel.deb
Size/MD5 checksum: 25845336 ed42a4ccbb7057dc660197fee3566682
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mipsel.deb
Size/MD5 checksum: 47992 1c0eb8257b01d13b4bf0f70d97612e67
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mipsel.deb
Size/MD5 checksum: 7561054 d5fbe5e214b39736f6eb13c2633fd102
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_powerpc.deb
Size/MD5 checksum: 7573142 49364df9e5cd4842fd9f72a40589d18c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_powerpc.deb
Size/MD5 checksum: 47990 1eceb3165524be6ce46a6a1cab526a24
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_powerpc.deb
Size/MD5 checksum: 7512578 e78ebeed9529c4bddd4976a1181d86e6
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_powerpc.deb
Size/MD5 checksum: 26165058 0c20e4fb11a5b89b572d177b86cde355
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_powerpc.deb
Size/MD5 checksum: 1832632 7e633b4febc3d0bfcb6c993cf85574c0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_s390.deb
Size/MD5 checksum: 7414202 4ff1d98b4b41543fdb24fc3be75b2835
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_s390.deb
Size/MD5 checksum: 47988 8734d7200d69ed73cda3c80ec9115247
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_s390.deb
Size/MD5 checksum: 7507338 921ca2feff00e5d2c0a36e34403538f0
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_s390.deb
Size/MD5 checksum: 1952002 ca93cf34f53f7d2c3094157142df632f
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_s390.deb
Size/MD5 checksum: 26764624 d785bab765139dcb98872a2b96b85909
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_sparc.deb
Size/MD5 checksum: 1797778 6df91c9bce65192cdb3063c3111e941d
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_sparc.deb
Size/MD5 checksum: 47992 b7d1d6f2ff76ef9bcf126d2dd773bb72
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_sparc.deb
Size/MD5 checksum: 7014210 f23cf47cc8b16e28f22c1a13b4a6936c
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_sparc.deb
Size/MD5 checksum: 25426696 16bfb42f9a4dab6146df47568da158df
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_sparc.deb
Size/MD5 checksum: 7153268 811916b6dec1eeae2ddb9822dacea994
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MySQL AB
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.mysql.com/
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:1289-02)以及相应补丁:
RHSA-2009:1289-02:Moderate: mysql security and bug fix update
链接:https://www.redhat.com/support/errata/RHSA-2009-1289.html
浏览次数:4685
严重程度:0(网友投票)
绿盟科技给您安全的保障