CVE-2002-1376
CVSS7.5
发布时间 :2002-12-23 00:00:00
修订时间 :2016-10-17 22:26:31
NMCOS    

[原文]libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.


[CNNVD]MySQL libmysqlclient库Read_Rows缓冲区溢出漏洞(CNNVD-200212-054)

        
        MySQL是一款开放源代码关系型数据库系统。
        MySQL的libmysqlclient库在read_rows函数中存在缓冲区溢出,远程攻击者可以利用这个漏洞对客户端进行拒绝服务攻击或以MySQL客户端进程权限在系统上执行任意指令。
        当MySQL客户端库接收到来自服务器的回答时,会读取行大小到目的缓冲区中,由于没有正确验证存储的行大小是否小于目的缓冲区大小,可导致攻击者提交负值的字段数值而触发缓冲区溢出,可以导致客户端产生拒绝服务,或可能以MySQL客户端进程权限在系统上执行任意指令。
        另外在所有字段中会追加'\0'终止符,但却没有正确检查边界缓冲区,可以导致单字节溢出,精心构建提交数据可能以MySQL客户端进程权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:3.23.48MySQL MySQL 3.23.48
cpe:/a:mysql:mysql:3.23.49MySQL MySQL 3.23.49
cpe:/a:mysql:mysql:3.23.46MySQL MySQL 3.23.46
cpe:/a:mysql:mysql:3.23.47MySQL MySQL 3.23.47
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_mp3
cpe:/a:mysql:mysql:3.23.30MySQL MySQL 3.23.30
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_mp2
cpe:/a:mysql:mysql:3.23.44MySQL MySQL 3.23.44
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_mp1
cpe:/a:mysql:mysql:3.22.32MySQL MySQL 3.22.32
cpe:/a:mysql:mysql:3.23.45MySQL MySQL 3.23.45
cpe:/a:mysql:mysql:3.23.42MySQL MySQL 3.23.42
cpe:/a:mysql:mysql:3.22.30MySQL MySQL 3.22.30
cpe:/a:mysql:mysql:3.23.43MySQL MySQL 3.23.43
cpe:/a:symantec_veritas:netbackup_advanced_reporter:3.4
cpe:/a:mysql:mysql:4.0.1MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:4.0.0MySQL MySQL 4.0.0
cpe:/a:mysql:mysql:3.23.9MySQL MySQL 3.23.9
cpe:/a:mysql:mysql:4.0.3MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:3.23.8MySQL MySQL 3.23.8
cpe:/a:mysql:mysql:4.0.2MySQL MySQL 4.0.2
cpe:/a:mysql:mysql:3.23.40MySQL MySQL 3.23.40
cpe:/a:mysql:mysql:3.23.41MySQL MySQL 3.23.41
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_mp3
cpe:/a:mysql:mysql:3.23.3MySQL MySQL 3.23.3
cpe:/a:mysql:mysql:3.23.2MySQL MySQL 3.23.2
cpe:/a:mysql:mysql:3.23.5MySQL MySQL 3.23.5
cpe:/a:mysql:mysql:3.23.53MySQL MySQL 3.23.53
cpe:/a:mysql:mysql:3.23.10MySQL MySQL 3.23.10
cpe:/a:mysql:mysql:3.23.4MySQL MySQL 3.23.4
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_mp1
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_mp2
cpe:/a:mysql:mysql:3.23.26MySQL MySQL 3.23.26
cpe:/a:mysql:mysql:3.23.27MySQL MySQL 3.23.27
cpe:/a:mysql:mysql:3.23.24MySQL MySQL 3.23.24
cpe:/a:mysql:mysql:3.23.25MySQL MySQL 3.23.25
cpe:/a:mysql:mysql:3.23.28MySQL MySQL 3.23.28
cpe:/a:mysql:mysql:3.23.29MySQL MySQL 3.23.29
cpe:/a:mysql:mysql:3.23.51MySQL MySQL 3.23.51
cpe:/a:mysql:mysql:3.23.52MySQL MySQL 3.23.52
cpe:/a:mysql:mysql:3.23.50MySQL MySQL 3.23.50
cpe:/a:mysql:mysql:3.23.23MySQL MySQL 3.23.23
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_fp3
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_fp2
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5
cpe:/a:mysql:mysql:4.0.5aMySQL MySQL 4.0.5a
cpe:/a:mysql:mysql:3.22.26MySQL MySQL 3.22.26
cpe:/a:mysql:mysql:3.23.37MySQL MySQL 3.23.37
cpe:/a:mysql:mysql:3.23.38MySQL MySQL 3.23.38
cpe:/a:mysql:mysql:3.23.36MySQL MySQL 3.23.36
cpe:/a:mysql:mysql:3.22.29MySQL MySQL 3.22.29
cpe:/a:mysql:mysql:3.22.28MySQL MySQL 3.22.28
cpe:/a:mysql:mysql:3.23.39MySQL MySQL 3.23.39
cpe:/a:mysql:mysql:3.22.27MySQL MySQL 3.22.27
cpe:/a:mysql:mysql:3.23.53aMySQL MySQL 3.23.53a
cpe:/a:mysql:mysql:3.23.34MySQL MySQL 3.23.34
cpe:/a:mysql:mysql:3.23.31MySQL MySQL 3.23.31
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_fp2
cpe:/a:symantec_veritas:netbackup_advanced_reporter:4.5_fp1
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_fp3
cpe:/a:symantec_veritas:netbackup_global_data_manager:4.5_fp1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1376
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1376
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-054
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
(UNKNOWN)  CONECTIVA  CLSA-2002:555
http://marc.info/?l=bugtraq&m=103971644013961&w=2
(UNKNOWN)  BUGTRAQ  20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
http://marc.info/?l=bugtraq&m=104004857201968&w=2
(UNKNOWN)  BUGTRAQ  20021215 GLSA: mysql
http://marc.info/?l=bugtraq&m=104005886114500&w=2
(UNKNOWN)  BUGTRAQ  20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
http://marc.info/?l=bugtraq&m=104033188706000&w=2
(UNKNOWN)  BUGTRAQ  20021219 TSLSA-2002-0086 - mysql
http://security.e-matters.de/advisories/042002.html
(UNKNOWN)  MISC  http://security.e-matters.de/advisories/042002.html
http://www.debian.org/security/2002/dsa-212
(UNKNOWN)  DEBIAN  DSA-212
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
(VENDOR_ADVISORY)  ENGARDE  ESA-20021213-033
http://www.mandriva.com/security/advisories?name=MDKSA-2002:087
(UNKNOWN)  MANDRAKE  MDKSA-2002:087
http://www.redhat.com/support/errata/RHSA-2002-288.html
(UNKNOWN)  REDHAT  RHSA-2002:288
http://www.securityfocus.com/bid/6370
(VENDOR_ADVISORY)  BID  6370
http://www.securityfocus.com/bid/6374
(VENDOR_ADVISORY)  BID  6374
http://xforce.iss.net/xforce/xfdb/10849
(UNKNOWN)  XF  mysql-libmysqlclient-readrows-bo(10849)
http://xforce.iss.net/xforce/xfdb/10850
(UNKNOWN)  XF  mysql-libmysqlclient-readonerow-bo(10850)

- 漏洞信息

MySQL libmysqlclient库Read_Rows缓冲区溢出漏洞
高危 边界条件错误
2002-12-23 00:00:00 2006-03-28 00:00:00
远程  
        
        MySQL是一款开放源代码关系型数据库系统。
        MySQL的libmysqlclient库在read_rows函数中存在缓冲区溢出,远程攻击者可以利用这个漏洞对客户端进行拒绝服务攻击或以MySQL客户端进程权限在系统上执行任意指令。
        当MySQL客户端库接收到来自服务器的回答时,会读取行大小到目的缓冲区中,由于没有正确验证存储的行大小是否小于目的缓冲区大小,可导致攻击者提交负值的字段数值而触发缓冲区溢出,可以导致客户端产生拒绝服务,或可能以MySQL客户端进程权限在系统上执行任意指令。
        另外在所有字段中会追加'\0'终止符,但却没有正确检查边界缓冲区,可以导致单字节溢出,精心构建提交数据可能以MySQL客户端进程权限在系统上执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Conectiva
        ---------
        Conectiva已经为此发布了一个安全公告(CLA-2002:555)以及相应补丁:
        CLA-2002:555:MySQL
        链接:
        http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000555

        补丁下载:
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-bench-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-client-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-devel-static-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/MySQL-doc-3.23.36-14U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/MySQL-3.23.36-14U60_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-bench-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-client-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-devel-static-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/MySQL-doc-3.23.36-14U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/MySQL-3.23.36-14U70_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-bench-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-client-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-devel-static-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/MySQL-doc-3.23.46-4U80_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/MySQL-3.23.46-4U80_2cl.src.rpm
        Debian
        ------
        Debian已经为此发布了一个安全公告(DSA-212-1)以及相应补丁:
        DSA-212-1:Multiple MySQL vulnerabilities
        链接:
        http://www.debian.org/security/2002/dsa-212

        补丁下载:
        Source archives:
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.dsc

        Size/MD5 checksum: 1305 26482e7b5f51fe036c9270043877483a
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz

        Size/MD5 checksum: 4296259 e3d9cb3038a2e4378c9c0f4f9d8c2d58
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.diff.gz

        Size/MD5 checksum: 84166 79faf5c0f1e6ab6c4c3b7511f9cc1e71
        Architecture independent packages:
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.3_all.deb

        Size/MD5 checksum: 1687018 e3d348a98e08bbff4085215356c5dcc7
        alpha architecture (DEC Alpha)
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_alpha.deb

        Size/MD5 checksum: 790098 2d103be33a041fa8af05a6d1a8fae1fc
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb

        Size/MD5 checksum: 99516 c3803f9e8e090bc9755cc8502f7dd860
        arm architecture (ARM)
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_arm.deb

        Size/MD5 checksum: 603710 028266a7c4c99365a8fe715fda7635b9
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb

        Size/MD5 checksum: 87190 0f6e1c53dd71bd45ec0bfc7bdd3e92c3
        i386 architecture (Intel ia32)
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_i386.deb

        Size/MD5 checksum: 585150 54c0e5b9aa43a2d4fd2137f22851243a
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb

        Size/MD5 checksum: 86768 fe2974d4fc341c7fc5c3866636a49676
        m68k architecture (Motorola Mc680x0)
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_m68k.deb

        Size/MD5 checksum: 554888 5d636134e003bdd33f6dd74e60ca6570
        
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb

        Size/MD5 checksum: 84534 47f6aa149c3b872722b5357bb962c0a7
        powerpc architecture (PowerPC)
        

- 漏洞信息

8885
MySQL libmysqlclient Library read_rows Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-12-12 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MySQL libmysqlclient Library Read_One_Row Buffer Overflow Vulnerability
Boundary Condition Error 6374
Yes No
2002-12-12 12:00:00 2009-07-11 07:16:00
Discovery of this issue is credited to Stefan Esser <s.esser@e-matters.de>.

- 受影响的程序版本

Veritas Software NetBackup Global Data Manager 4.5 MP3
Veritas Software NetBackup Global Data Manager 4.5 MP2
Veritas Software NetBackup Global Data Manager 4.5 MP1
Veritas Software NetBackup Global Data Manager 4.5 FP3
Veritas Software NetBackup Global Data Manager 4.5 FP2
Veritas Software NetBackup Global Data Manager 4.5 FP1
Veritas Software NetBackup Global Data Manager 4.5
Veritas Software NetBackup Advanced Reporter 4.5 MP3
Veritas Software NetBackup Advanced Reporter 4.5 MP2
Veritas Software NetBackup Advanced Reporter 4.5 MP1
Veritas Software NetBackup Advanced Reporter 4.5 FP3
Veritas Software NetBackup Advanced Reporter 4.5 FP2
Veritas Software NetBackup Advanced Reporter 4.5 FP1
Veritas Software NetBackup Advanced Reporter 4.5
Veritas Software NetBackup Advanced Reporter 3.4
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.52
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MySQL AB MySQL 3.23.48
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
MySQL AB MySQL 3.23.47
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
MySQL AB MySQL 3.23.46
+ Conectiva Linux 8.0
+ OpenPKG OpenPKG 1.0
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.39
+ HP SCM 3.0
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
MySQL AB MySQL 3.23.36
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.34
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
MySQL AB MySQL 3.23.33
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
MySQL AB MySQL 3.23.32
+ Wirex Immunix OS 7+
MySQL AB MySQL 3.23.31
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.22
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.3
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.22.32
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.20.32 a
Miva htmlscript 3.23.32
Veritas Software NetBackup Global Data Manager 4.5 MP4
Veritas Software NetBackup Global Data Manager 4.5 FP4
Veritas Software NetBackup Advanced Reporter 4.5 MP4
Veritas Software NetBackup Advanced Reporter 4.5 FP4
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5

- 不受影响的程序版本

Veritas Software NetBackup Global Data Manager 4.5 MP4
Veritas Software NetBackup Global Data Manager 4.5 FP4
Veritas Software NetBackup Advanced Reporter 4.5 MP4
Veritas Software NetBackup Advanced Reporter 4.5 FP4
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5

- 漏洞讨论

The libmysqlclient library of MySQL contains a buffer overflow in the read_one_row function. The issue involves the reading of rows into the client from the server. The client does not verify that the stored row sizes are smaller than the destination buffer.

Successful exploitation will most likely result in a denial of service against the MySQL client application.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

EnGarde has released updated fixes. The original fixes did not address the COM_TABLE_DUMP vulnerability (BID 6368). The upgraded packages now include fixes for this vulnerability.

Gentoo Linux has released an advisory. Users who have installed dev-db/mysql-3.23.53 and earlier are urged to update their systems by issuing the following commands:

emerge rsync
emerge mysql
emerge clean

OpenPKG has released an advisory (OpenPKG-SA-2002.013) which addresses this issue. Please see the attached advisory for details on fixing this issue on systems using OpenPKG.

Conectiva Linux and Debian have released advisories. Information about obtaining and applying fixes can be found in the referenced advisories.

SuSE has released an advisory (SuSE-SA:2003:003) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Veritas has released an advisory and updated feature and maintenance packs to address this issue.

This issue has been addressed in MySQL 3.23.54.


MySQL AB MySQL 3.22.32

MySQL AB MySQL 3.23.10

MySQL AB MySQL 3.23.2

MySQL AB MySQL 3.23.22

MySQL AB MySQL 3.23.23

MySQL AB MySQL 3.23.24

MySQL AB MySQL 3.23.25

MySQL AB MySQL 3.23.26

MySQL AB MySQL 3.23.27

MySQL AB MySQL 3.23.28

MySQL AB MySQL 3.23.29

MySQL AB MySQL 3.23.3

MySQL AB MySQL 3.23.30

MySQL AB MySQL 3.23.31

MySQL AB MySQL 3.23.32

MySQL AB MySQL 3.23.33

MySQL AB MySQL 3.23.34

MySQL AB MySQL 3.23.36

MySQL AB MySQL 3.23.37

MySQL AB MySQL 3.23.38

MySQL AB MySQL 3.23.39

MySQL AB MySQL 3.23.4

MySQL AB MySQL 3.23.40

MySQL AB MySQL 3.23.41

MySQL AB MySQL 3.23.42

MySQL AB MySQL 3.23.43

MySQL AB MySQL 3.23.44

MySQL AB MySQL 3.23.45

MySQL AB MySQL 3.23.46

MySQL AB MySQL 3.23.47

MySQL AB MySQL 3.23.48

MySQL AB MySQL 3.23.49

MySQL AB MySQL 3.23.5

MySQL AB MySQL 3.23.50

MySQL AB MySQL 3.23.51

MySQL AB MySQL 3.23.52

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站