CVE-2001-1255
CVSS4.6
发布时间 :2001-10-02 00:00:00
修订时间 :2008-09-10 15:10:03
NMCOS    

[原文]WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.


[CNNVD]WinMySQLadmin 明文口令保存漏洞(CNNVD-200110-015)

        CVE(CAN) ID: CAN-2001-1255
        
        
        
        WinMySQLadmin 1.1中存在一个安全问题,可能导致泄漏MySQL数据库的口令信息。
        
        
        
        问题在于它将MySQL的口令以明文方式保存在文本文件中,该文件缺省在:C:\WINNT\
        
        MY.INI.如果攻击者可以访问到这个文件,就可以获取MySQL数据库的访问口令,这可能
        
        导致攻击者远程访问或控制MySQL数据库系统,进而可能控制远程系统。
        
        
        
        ------
        
        #This File was made using the WinMySQLadmin 1.1 Tool
        
        
        
        
        
        [mysqld]
        
        basedir=C:/mysql
        
        datadir=C:/mysql/data
        
        
        
        
        
        [WinMySQLadmin]
        
        Server=C:/mysql/bin/mysqld-nt.exe
        
        user=admin
        
        password=XXXXX (in clear text)
        
        QueryInterval=30
        
        ------
        
        
        
        

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:3.23MySQL MySQL 3.23
cpe:/a:mysql:winmysqladmin:1.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1255
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1255
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200110-015
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/3381
(UNKNOWN)  BID  3381
http://www.iss.net/security_center/static/7206.php
(VENDOR_ADVISORY)  XF  winmysqladmin-password-plaintext(7206)
http://online.securityfocus.com/archive/1/217848
(VENDOR_ADVISORY)  BUGTRAQ  20011002 WinMySQLadmin 1.1 Store MySQL password in clear text

- 漏洞信息

WinMySQLadmin 明文口令保存漏洞
中危 设计错误
2001-10-02 00:00:00 2006-03-28 00:00:00
本地  
        CVE(CAN) ID: CAN-2001-1255
        
        
        
        WinMySQLadmin 1.1中存在一个安全问题,可能导致泄漏MySQL数据库的口令信息。
        
        
        
        问题在于它将MySQL的口令以明文方式保存在文本文件中,该文件缺省在:C:\WINNT\
        
        MY.INI.如果攻击者可以访问到这个文件,就可以获取MySQL数据库的访问口令,这可能
        
        导致攻击者远程访问或控制MySQL数据库系统,进而可能控制远程系统。
        
        
        
        ------
        
        #This File was made using the WinMySQLadmin 1.1 Tool
        
        
        
        
        
        [mysqld]
        
        basedir=C:/mysql
        
        datadir=C:/mysql/data
        
        
        
        
        
        [WinMySQLadmin]
        
        Server=C:/mysql/bin/mysqld-nt.exe
        
        user=admin
        
        password=XXXXX (in clear text)
        
        QueryInterval=30
        
        ------
        
        
        
        

- 公告与补丁

        
        
        临时解决方法:
        
        
        
        不使用WinMySQLadmin保存口令选项或者限制对此文件的访问权限。
        
        
        
        厂商补丁:
        
        
        
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商
        
        的主页以获取最新版本:
        
        
        http://www.mysql.com/downloads/os-win32.html

- 漏洞信息

2144
WinMySQLadmin my.ini Cleartext Password Disclosure
Cryptographic, Information Disclosure
Loss of Confidentiality

- 漏洞描述

MySQL3, MySQL4, and WinMySQLadmin for Win32 contain a flaw that allows malicious users to obtain usernames and passwords. This is possible due to MySQL's insecure storage of user information unencrypted on the filesystem. Local access to the system running the MySQL software is required.

- 时间线

2003-08-19 2001-10-02
Unknow Unknow

- 解决方案

Do not allow untrusted users access to the system running MySQL on all Windows systems, as well as WinMySQLadmin version 1.1. Only allow trusted users local access to the database host, or apply access restrictions to the c:\winnt\my.ini file.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

WinMySQLadmin Plain Text Password Storage Vulnerability
Design Error 3381
No Yes
2001-10-02 12:00:00 2009-07-11 07:56:00
Discovered and posted to Bugtraq by Cabezon Aurélien <aurelien.cabezon@iSecureLabs.com> on Oct 2, 2001.

- 受影响的程序版本

MySQL AB WinMySQLadmin 1.1
MySQL AB MySQL 3.23 .x

- 漏洞讨论

A vunerability exists in WinMySQLadmin 1.1 that may result in the disclosure of sensitive authentication information for MySQL.

If a local user gained access to the 'my.ini' file, it is possible to retrieve configuration and authentication information for MySQL. The contents of this file are in plain text.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站