CVE-2002-1373
CVSS 5.0
Published: 2002-12-23 00:00:00
Modified: 2016-10-17 22:26:28

[Original] Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.


[CNNVD] MySQL COM_TABLE_DUMP Memory Corruption Vulnerability (CNNVD-200212-051)

        
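        MySQL is an open-source relational database system.
        MySQL does not correctly handle malformed COM_TABLE_DUMP server commands. A remote attacker can exploit this vulnerability by passing malicious malformed parameters, resulting in a denial of service.
        When handling COM_TABLE_DUMP, MySQL < 4.x takes two chars from the packet and assigns them directly to unsigned integers, which are then used as the length argument to memcpy(). Because the chars are not properly checked, a char that holds a negative value is converted to a very large value. Since this is a heap-to-heap copy, the allocated memory is insufficient and a SIGSEGV is raised, crashing the service.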
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:mysql:mysql:3.23.26  MySQL MySQL 3.23.26
cpe:/a:mysql:mysql:3.23.48  MySQL MySQL 3.23.48
cpe:/a:mysql:mysql:3.23.27  MySQL MySQL 3.23.27
cpe:/a:mysql:mysql:3.23.49  MySQL MySQL 3.23.49
cpe:/a:mysql:mysql:3.23.24  MySQL MySQL 3.23.24
cpe:/a:mysql:mysql:3.23.46  MySQL MySQL 3.23.46
cpe:/a:mysql:mysql:3.23.25  MySQL MySQL 3.23.25
cpe:/a:mysql:mysql:3.23.47  MySQL MySQL 3.23.47
cpe:/a:mysql:mysql:3.23.28  MySQL MySQL 3.23.28
cpe:/a:mysql:mysql:3.23.29  MySQL MySQL 3.23.29
cpe:/a:mysql:mysql:3.23.51  MySQL MySQL 3.23.51
cpe:/a:mysql:mysql:3.23.30  MySQL MySQL 3.23.30
cpe:/a:mysql:mysql:3.23.52  MySQL MySQL 3.23.52
cpe:/a:mysql:mysql:3.23.50  MySQL MySQL 3.23.50
cpe:/a:mysql:mysql:3.23.44  MySQL MySQL 3.23.44
cpe:/a:mysql:mysql:3.22.32  MySQL MySQL 3.22.32
cpe:/a:mysql:mysql:3.23.23  MySQL MySQL 3.23.23
cpe:/a:mysql:mysql:3.23.45  MySQL MySQL 3.23.45
cpe:/a:mysql:mysql:3.23.42  MySQL MySQL 3.23.42
cpe:/a:mysql:mysql:3.22.30  MySQL MySQL 3.22.30
cpe:/a:mysql:mysql:3.23.43  MySQL MySQL 3.23.43
cpe:/a:mysql:mysql:4.0.5a  MySQL MySQL 4.0.5a
cpe:/a:mysql:mysql:3.22.26  MySQL MySQL 3.22.26
cpe:/a:mysql:mysql:3.23.37  MySQL MySQL 3.23.37
cpe:/a:mysql:mysql:4.0.1  MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:3.23.38  MySQL MySQL 3.23.38
cpe:/a:mysql:mysql:4.0.0  MySQL MySQL 4.0.0
cpe:/a:mysql:mysql:3.23.9  MySQL MySQL 3.23.9
cpe:/a:mysql:mysql:4.0.3  MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:3.23.36  MySQL MySQL 3.23.36
cpe:/a:mysql:mysql:3.23.8  MySQL MySQL 3.23.8
cpe:/a:mysql:mysql:4.0.2  MySQL MySQL 4.0.2
cpe:/a:mysql:mysql:3.22.29  MySQL MySQL 3.22.29
cpe:/a:mysql:mysql:3.22.28  MySQL MySQL 3.22.28
cpe:/a:mysql:mysql:3.23.39  MySQL MySQL 3.23.39
cpe:/a:mysql:mysql:3.22.27  MySQL MySQL 3.22.27
cpe:/a:mysql:mysql:3.23.40  MySQL MySQL 3.23.40
cpe:/a:mysql:mysql:3.23.41  MySQL MySQL 3.23.41
cpe:/a:mysql:mysql:3.23.53a  MySQL MySQL 3.23.53a
cpe:/a:mysql:mysql:3.23.3  MySQL MySQL 3.23.3
cpe:/a:mysql:mysql:3.23.2  MySQL MySQL 3.23.2
cpe:/a:mysql:mysql:3.23.34  MySQL MySQL 3.23.34
cpe:/a:mysql:mysql:3.23.31  MySQL MySQL 3.23.31
cpe:/a:mysql:mysql:3.23.5  MySQL MySQL 3.23.5
cpe:/a:mysql:mysql:3.23.53  MySQL MySQL 3.23.53
cpe:/a:mysql:mysql:3.23.10  MySQL MySQL 3.23.10
cpe:/a:mysql:mysql:3.23.4  MySQL MySQL 3.23.4

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1373
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1373
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-051
(official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
(UNKNOWN)  CONECTIVA  CLSA-2002:555
http://marc.info/?l=bugtraq&m=103971644013961&w=2
(UNKNOWN)  BUGTRAQ  20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://marc.info/?l=bugtraq&m=104004857201968&w=2
(UNKNOWN)  GENTOO  200212-2
http://security.e-matters.de/advisories/042002.html
(VENDOR_ADVISORY)  MISC  http://security.e-matters.de/advisories/042002.html
http://www.debian.org/security/2002/dsa-212
(UNKNOWN)  DEBIAN  DSA-212
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
(UNKNOWN)  MANDRAKE  MDKSA-2002:087
http://www.novell.com/linux/security/advisories/2003_003_mysql.html
(UNKNOWN)  SUSE  SUSE-SA:2003:003
http://www.redhat.com/support/errata/RHSA-2002-288.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2002:288
http://www.redhat.com/support/errata/RHSA-2002-289.html
(UNKNOWN)  REDHAT  RHSA-2002:289
http://www.redhat.com/support/errata/RHSA-2003-166.html
(UNKNOWN)  REDHAT  RHSA-2003:166
http://www.securityfocus.com/advisories/5269
(UNKNOWN)  IMMUNIX  IMNX-2003-7+-008-01
http://www.securityfocus.com/bid/6368
(VENDOR_ADVISORY)  BID  6368
http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
(UNKNOWN)  TRUSTIX  2002-0086
http://xforce.iss.net/xforce/xfdb/10846
(VENDOR_ADVISORY)  XF  mysql-comtabledump-dos(10846)

- Vulnerability information

MySQL COM_TABLE_DUMP Memory Corruption Vulnerability
Medium severity, boundary condition error
2002-12-23 00:00:00 2006-03-28 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:555) and corresponding patches for this issue:
        CLA-2002:555:MySQL
        Link:
        http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000555

        Patch downloads:
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-bench-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-client-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-static-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-doc-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/MySQL-3.23.36-14U60_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/MySQL-3.23.36-14U70_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/MySQL-3.23.46-4U80_2cl.src.rpm
        Debian
        ------
        Debian has released a security advisory (DSA-212-1) and corresponding patches for this issue:
        DSA-212-1:Multiple MySQL vulnerabilities
        Link:
        http://www.debian.org/security/2002/dsa-212


- Vulnerability information

8889
MySQL COM_TABLE_DUMP Package Negative Integer DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability description

MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted packet containing unvalidated negative values is sent, and will result in loss of availability for the service.

- Timeline

2002-12-12 2002-12-03
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, MySQL AB has released a patch to address this vulnerability.

- Vulnerability information

MySQL COM_TABLE_DUMP Memory Corruption Vulnerability
Boundary Condition Error 6368
Yes No
2002-12-12 12:00:00 2009-07-11 07:16:00
Discovery of this issue is credited to Stefan Esser <s.esser@e-matters.de>.

- Affected program versions

Veritas Software NetBackup Global Data Manager 4.5 MP3
Veritas Software NetBackup Global Data Manager 4.5 MP2
Veritas Software NetBackup Global Data Manager 4.5 MP1
Veritas Software NetBackup Global Data Manager 4.5 FP3
Veritas Software NetBackup Global Data Manager 4.5 FP2
Veritas Software NetBackup Global Data Manager 4.5 FP1
Veritas Software NetBackup Global Data Manager 4.5
Veritas Software NetBackup Advanced Reporter 4.5 MP3
Veritas Software NetBackup Advanced Reporter 4.5 MP2
Veritas Software NetBackup Advanced Reporter 4.5 MP1
Veritas Software NetBackup Advanced Reporter 4.5 FP3
Veritas Software NetBackup Advanced Reporter 4.5 FP2
Veritas Software NetBackup Advanced Reporter 4.5 FP1
Veritas Software NetBackup Advanced Reporter 4.5
Veritas Software NetBackup Advanced Reporter 3.4
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.52
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MySQL AB MySQL 3.23.48
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
MySQL AB MySQL 3.23.47
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
MySQL AB MySQL 3.23.46
+ Conectiva Linux 8.0
+ OpenPKG OpenPKG 1.0
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.39
+ HP SCM 3.0
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
MySQL AB MySQL 3.23.36
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.34
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
MySQL AB MySQL 3.23.33
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
MySQL AB MySQL 3.23.32
+ Wirex Immunix OS 7+
MySQL AB MySQL 3.23.31
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.22
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.3
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.22.32
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
Miva htmlscript 3.23.32

- Unaffected program versions

Veritas Software NetBackup Global Data Manager 4.5 MP4
Veritas Software NetBackup Global Data Manager 4.5 FP4
Veritas Software NetBackup Advanced Reporter 4.5 MP4
Veritas Software NetBackup Advanced Reporter 4.5 FP4
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5

- Vulnerability discussion

MySQL is prone to memory corruption when attempting to handle malformed COM_TABLE_DUMP server commands. If an attacker can cause a malformed COM_TABLE_DUMP server command to be issued with malformed parameters, it may be able to cause a denial of service.

It is not believed that this issue may be exploited to execute arbitrary code.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

EnGarde has released updated fixes. The original fixes did not address the COM_TABLE_DUMP vulnerability (BID 6368). The upgraded packages now include fixes for this vulnerability.

Gentoo Linux has released an advisory. Users who have installed dev-db/mysql-3.23.53 and earlier are urged to update their systems by issuing the following commands:

emerge rsync
emerge mysql
emerge clean

OpenPKG has released an advisory (OpenPKG-SA-2002.013) which addresses this issue. Please see the attached advisory for details on fixing this issue on systems using OpenPKG.

Conectiva Linux and Debian have released advisories. Information about obtaining and applying fixes can be found in the referenced advisories.

MandrakeSoft has released a new advisory. Information about obtaining and applying fixes can be found in the referenced advisory.

SuSE has released an advisory (SuSE-SA:2003:003) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Veritas has released an advisory and updated feature and maintenance packs to address this issue.

This issue has been addressed in MySQL 3.23.54.


