CVE-2001-0818
CVSS 7.5
Published: 2001-12-06 00:00:00
Modified: 2008-09-05 16:24:59

[Original] A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.


[CNNVD] MDBMS Query Display Buffer Overflow Vulnerability (CNNVD-200112-075)

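CVE(CAN) ID: CAN-2001-0818

MDBMS is a relational database management system for UNIX platforms. When the "\s" command is used to display query results, a buffer overflow occurs if the result contains a large amount of data.

The vulnerable code is in interface.cc:

        void user::uprintf(char *s, ...)
        {
         char b[10000];                     /* fixed-size stack buffer */
         int len=strlen(outbuf), newlen;
         va_list ap;
         va_start(ap,s);
         vsprintf(b,s,ap);                  /* <---- no bounds check on b */
         va_end(ap);
         newlen=strlen(b);
         while (newlen+len+10>=outsize) outbuf=(char*)realloc(outbuf,outsize+=1000);
         strcat(outbuf,b);
         FD_SET(fd,&parent->wmask);
        }

A remote user can exploit this vulnerability to execute arbitrary code as root.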
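
As an added example (not MDBMS code, and not the 1.0 fix, which this page does not show), one bounded way to write the same append in C: measure the formatted length with vsnprintf, grow the heap buffer, then format directly into it so no fixed-size stack buffer is involved. The struct outq and the function names are hypothetical stand-ins for the outbuf/outsize members above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the outbuf/outsize members of the user class. */
struct outq { char *buf; size_t len, cap; };

/* Bounded form of the vsprintf()+strcat() append: measure, grow, then format
 * in place. Returns bytes appended, or -1 on error (queue left unchanged). */
int outq_printf(struct outq *q, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap);  /* C99: length it would write */
    va_end(ap);
    if (need < 0) { va_end(ap2); return -1; }

    size_t want = q->len + (size_t)need + 1; /* +1 for the terminating NUL */
    if (want > q->cap) {
        char *p = realloc(q->buf, want);
        if (p == NULL) { va_end(ap2); return -1; } /* old buffer still valid */
        q->buf = p;
        q->cap = want;
    }
    vsnprintf(q->buf + q->len, q->cap - q->len, fmt, ap2);
    va_end(ap2);
    q->len += (size_t)need;
    return need;
}

/* Constructed input: a 20000-byte argument, twice the size of the original
 * 10000-byte stack buffer. Returns 1 if it was appended intact. */
int demo_large_append(void)
{
    struct outq q = {NULL, 0, 0};
    char *big = calloc(1, 20001);
    if (big == NULL) return -1;
    memset(big, 'A', 20000);
    outq_printf(&q, "query: ");
    int n = outq_printf(&q, "%s\n", big);
    int ok = (n == 20001 && q.len == 20008 && strlen(q.buf) == q.len);
    free(big);
    free(q.buf);
    return ok;
}

int main(void) { return demo_large_append() == 1 ? 0 : 1; }
```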
        
        
        
        

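- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]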

- CPE (Affected platforms and products)

cpe:/a:marty_bochane:mdbms:0.99b4
cpe:/a:marty_bochane:mdbms:0.99b9
cpe:/a:marty_bochane:mdbms:0.99b5
cpe:/a:marty_bochane:mdbms:0.96b6
cpe:/a:marty_bochane:mdbms:0.99b6

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0818
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0818
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-075
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/static/6700.php
(VENDOR_ADVISORY)  XF  mdbms-query-display-bo(6700)
http://www.securityfocus.com/bid/2867
(VENDOR_ADVISORY)  BID  2867
http://www.securityfocus.com/archive/1/190933
(VENDOR_ADVISORY)  BUGTRAQ  20010612 Remote buffer overflow in MDBMS.

- Vulnerability information

MDBMS Query Display Buffer Overflow Vulnerability
High risk  Boundary condition error
2001-12-06 00:00:00 2006-03-02 00:00:00
Remote

- Advisories and patches

Solution:

Upgrade to the latest version.

Vendor patch:

MDBMS 1.0 has fixed this security issue:

http://www.hinttech.com/mdbms/tar/mdbms1.0.source.tar.gz

        

- Vulnerability information (20924)

MDBMS 0.96/0.99 Query Display Buffer Overflow Vulnerability (EDBID:20924)
linux remote
2001-06-12 Verified
0 teleh0r
N/A
source: http://www.securityfocus.com/bid/2867/info

MDBMS is a free relational database management system.

A buffer overflow condition exists in MDBMS. By issuing the '\s' command to display the query buffer when it contains a large amount of data, it may be possible for a remote user to trigger this condition and execute arbitrary code.

http://www.exploit-db.com/sploits/20924.tar.gz		

- Vulnerability information

13977
MDBMS \s Console Command Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

A remote overflow exists in MDBMS. The MDBMS server fails to correctly limit the size of an incoming command when a \s console command is used resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2001-06-12 Unknown
2001-06-12 Unknown

- Solution

Upgrade to version 1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


- Vulnerability information

MDBMS Query Display Buffer Overflow Vulnerability
Boundary Condition Error 2867
Yes No
2001-06-12 12:00:00 2009-07-11 06:56:00
Reported by teleh0r <teleh0r@digit-labs.org> on June 12, 2001.

- Affected program versions

Marty Bochane MDBMS 0.99 b9
- RedHat Linux 7.1
- RedHat Linux 7.0
Marty Bochane MDBMS 0.99 b6
Marty Bochane MDBMS 0.99 b5
Marty Bochane MDBMS 0.99 b4
Marty Bochane MDBMS 0.96 b6

- Exploit

The following exploit was provided by teleh0r <teleh0r@digit-labs.org>:

- Solution

Vendor updates that rectify this issue are available:


Marty Bochane MDBMS 0.99 b9
