 |
|
 |
您现在的位置: 精品下载 >> 安全 >> 网络安全 >> 安全中心正文 |  用户登录  新用户注册 |
|
||||
| MySQL Server date_format()拒绝服务漏洞 | ||||
| 作者:佚名 安全中心来源:不详 点击数: 更新时间:2007-10-10 | ||||
MySQL Server date_format 描述: MySQL Server date_format()拒绝服务漏洞 详细: MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL服务器的date_format()函数在处理用户提交的参数时存在漏洞,畸形的参数数据会导致MySQL服务器崩溃。 如果用户用特别的SQL语句调用了MySQL的date_format()函数的话,就可能导致服务器崩溃。 <*来源:Christian Hammers 链接:(http://bugs.mysql.com/bug.php?id=20729 (http://www.debian.org/security/2005/dsa-1112 *> 受影响系统: Debian Linux 3.1 MySQL AB MySQL < 5.1.6 MySQL AB MySQL < 5.0.19 MySQL AB MySQL < 4.1.18 不受影响系统: MySQL AB MySQL 5.1.6 MySQL AB MySQL 5.0.19 MySQL AB MySQL 4.1.18 攻击方法: 警 告 以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负! select date_format('%d%s', 1); 解决方案: 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1112-1)以及相应补丁: DSA-1112-1:New mysql-dfsg-4.1 packages fix denial of service 链接:( 补丁下载: Source archives: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc Size/MD5 checksum: 1021 9cd4f7df9345856d06846e0ddb50b9ee (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz Size/MD5 checksum:168442 e45db0b01b3adaf09500d54090f3a1e1 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz Size/MD5 checksum: 15771855 3c0582606a8903e758c2014c2481c7c3 Architecture independent components: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb Size/MD5 checksum: 36520 e8115191126dc0b373a53024e5c78733 Alpha architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_alpha.deb Size/MD5 checksum: 1590788 297b4444903885a19c76a1217e83477d (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb Size/MD5 checksum: 7965184 8df4e20d157517541228fa52e4c60dbc (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb Size/MD5 checksum: 1000952 4d62bca949f80c09f043a78b9e701ca5 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb Size/MD5 checksum: 17487070 b357fcab1b57764e1ee8a341dd30def3 AMD64 architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_amd64.deb Size/MD5 checksum: 1452034 a22b66b8e00b2409bf1428834af1073b (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_amd64.deb Size/MD5 checksum: 5551704 731f50735026de2b95d9e9d9e19a7717 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_amd64.deb Size/MD5 checksum:849526 a0a5d944db8261044bcdddbe55ab03d6 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_amd64.deb Size/MD5 checksum: 14711282 bf471f8b19fe0aa14bf04209c0eac975 ARM architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_arm.deb Size/MD5 checksum: 1388864 1ed00eac905063c7caa7702bb6a4dcda (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb Size/MD5 checksum: 5558854 46fac3302d6e4677bb1dbce5f5aa1387 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_arm.deb Size/MD5 checksum:836766 5487191a4af54786066ac720456b5b68 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_arm.deb Size/MD5 checksum: 14557630 1369e1f83fad8dfcbea1618e0acd821e Intel IA-32 architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb Size/MD5 checksum: 1418036 ab5768abe67a1d21c714a078f2ec86f0 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb Size/MD5 checksum: 5643732 bf891e68e488947fd28a940a367d722f (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb Size/MD5 checksum:830724 f5d4a9e5b289d895ba021190f907829f (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb Size/MD5 checksum: 14558034 b580eeaf7a3806b95a07435acbe48e27 Intel IA-64 architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_ia64.deb Size/MD5 checksum: 1713308 0067b2b9c41a412defde52f366e3c897 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb Size/MD5 checksum: 7782486 3aabc5d9cf4bd642de338d58bdaf06f5 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb Size/MD5 checksum: 1050616 d23aac0cd8ee2af56e54dfb5bac2f330 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb Size/MD5 checksum: 18475936 9ddfe01a4b31abfed11b9bde23fac76f HP Precision architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_hppa.deb Size/MD5 checksum: 1551202 77244af3e0edbeaf716764fe9ac81e6f (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb Size/MD5 checksum: 6250286 fd9cb45d760605ee2a89f70af5cb9af3 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb Size/MD5 checksum:910046 38698cebd4b9f438fd09d9bbb9dcd92c (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb Size/MD5 checksum: 15791130 8517866821789c2ac7343f9db6f59d3f Motorola 680x0 architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_m68k.deb Size/MD5 checksum: 1397964 e5166b54d56236e0bcbd677ae0b0612f (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb Size/MD5 checksum: 5284080 48f187b76145ed53de71074d1e19bd6a (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb Size/MD5 checksum:803870 699c9078240853a353fbd70504285d51 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb Size/MD5 checksum: 14072018 f2837081c2ff82f8510234e174db38b4 Big endian MIPS architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mips.deb Size/MD5 checksum: 1478938 f6865d5d185ecc5b20dac7d0d7e129da (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb Size/MD5 checksum: 6053046 43b3f77618248df20870c85301465095 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mips.deb Size/MD5 checksum:904490 351bde467510be873c1a2cdc57048523 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mips.deb Size/MD5 checksum: 15409966 a0332059581d3de6922e9313d6eef676 Little endian MIPS architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb Size/MD5 checksum: 1446348 46a4c7d996016a4adcf56440b05fef21 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb Size/MD5 checksum: 5971326 6467ab19215d4e0e45084d3530929683 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb Size/MD5 checksum:890130 52b93510c81b7d296074fc4c36a6d847 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb Size/MD5 checksum: 15105474 1ffe09b6dc5b370067bf337109188a25 PowerPC architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb Size/MD5 checksum: 1476860 3b5a3a41dcb3744a289e78e3310d1df1 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb Size/MD5 checksum: 6027448 99a562b660721bc4dacd8997de8aab1f (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb Size/MD5 checksum:907410 9893e547ddfe66215e6bc3da4bf69724 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb Size/MD5 checksum: 15403210 25c8ae97be006ad171df2f3bdedc72a2 IBM S/390 architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_s390.deb Size/MD5 checksum: 1538550 b105d416c3bcd7875984cecac926d076 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb Size/MD5 checksum: 5461556 00100b922054d9b9c3fc22b3a92b60c7 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_s390.deb Size/MD5 checksum:884294 37fe2778f39871852f9fa53677cffe2c (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_s390.deb Size/MD5 checksum: 15055516 c22496ba5559e2fbb1f0a37cd889ee0b Sun Sparc architecture: (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_sparc.deb Size/MD5 checksum: 1460576 f4a2d46769a708b1ef70aa85e2b09277 (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb Size/MD5 checksum: 6208040 3dc2de911cc6cbcb4f637bfccbce988a (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb Size/MD5 checksum:868258 1671384fa14d81404e3af7ffb555073e (http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb Size/MD5 checksum: 15392304 6d9b9d762aa6088e416c1b987f853e96 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade MySQL AB -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: (http://www.mysql.com/ |
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)