CVE-2003-0073
CVSS 5.0
Published: 2003-02-19 00:00:00
Last modified: 2016-10-17 22:29:10

[Original] Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.


[CNNVD] MySQL double free() heap corruption vulnerability (CNNVD-200302-026)

        
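        MySQL is an open-source relational database system.
        MySQL has a design flaw in its handling of the mysql_change_user() function; a remote attacker can exploit this vulnerability to crash mysqld.
        A design flaw in the mysql_change_user() function causes the same memory to be freed twice; a modified MySQL client can exploit this vulnerability to crash mysqld. However, triggering the vulnerability requires logging in to the server with a legitimate user account.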
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:mysql:mysql:3.23.36  MySQL MySQL 3.23.36
cpe:/a:mysql:mysql:3.23.47  MySQL MySQL 3.23.47
cpe:/a:mysql:mysql:3.23.41  MySQL MySQL 3.23.41
cpe:/a:mysql:mysql:3.23.52  MySQL MySQL 3.23.52
cpe:/a:mysql:mysql:3.23.54a  MySQL MySQL 3.23.54a
cpe:/a:mysql:mysql:3.23.31  MySQL MySQL 3.23.31
cpe:/a:mysql:mysql:3.23.53  MySQL MySQL 3.23.53
cpe:/a:mysql:mysql:3.23.54  MySQL MySQL 3.23.54

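- OVAL (technical details for detection)

oval:org.mitre.oval:def:436  MYSQLd Double-free Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.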

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0073
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0073
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-026
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
(UNKNOWN)  CONECTIVA  CLA-2003:743
http://marc.info/?l=bugtraq&m=104385719107879&w=2
(UNKNOWN)  BUGTRAQ  20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
http://www.debian.org/security/2003/dsa-303
(VENDOR_ADVISORY)  DEBIAN  DSA-303
http://www.iss.net/security_center/static/11199.php
(UNKNOWN)  XF  mysql-mysqlchangeuser-doublefree-dos(11199)
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
(UNKNOWN)  ENGARDE  ESA-20030220-004
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
(UNKNOWN)  MANDRAKE  MDKSA-2003:013
http://www.mysql.com/doc/en/News-3.23.55.html
(VENDOR_ADVISORY)  CONFIRM  http://www.mysql.com/doc/en/News-3.23.55.html
http://www.redhat.com/support/errata/RHSA-2003-093.html
(UNKNOWN)  REDHAT  RHSA-2003:093
http://www.redhat.com/support/errata/RHSA-2003-094.html
(UNKNOWN)  REDHAT  RHSA-2003:094
http://www.redhat.com/support/errata/RHSA-2003-166.html
(UNKNOWN)  REDHAT  RHSA-2003:166
http://www.securityfocus.com/bid/6718
(UNKNOWN)  BID  6718

- Vulnerability information

MySQL double free() heap corruption vulnerability
Medium  Other
2003-02-19 00:00:00 2006-03-28 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2003:013) and corresponding patches for this issue:
        MDKSA-2003:013: Updated MySQL packages fix DoS vulnerability
        Link:
        http://www.linux-mandrake.com/en/security/2003/MDKSA-2003-013.php

        Patch downloads:
        Updated Packages:
        Linux-Mandrake 7.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-3.23.31-1.4mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-bench-3.23.31-1.4mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-client-3.23.31-1.4mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-devel-3.23.31-1.4mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/MySQL-shared-3.23.31-1.4mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/MySQL-3.23.31-1.4mdk.src.rpm
        Mandrake Linux 8.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-3.23.36-2.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-bench-3.23.36-2.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-client-3.23.36-2.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-devel-3.23.36-2.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/MySQL-shared-3.23.36-2.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/MySQL-3.23.36-2.3mdk.src.rpm
        Mandrake Linux 8.0/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-3.23.36-2.3mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-bench-3.23.36-2.3mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-client-3.23.36-2.3mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-devel-3.23.36-2.3mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/MySQL-shared-3.23.36-2.3mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/MySQL-3.23.36-2.3mdk.src.rpm
        Mandrake Linux 8.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-3.23.41-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-bench-3.23.41-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-client-3.23.41-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-devel-3.23.41-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/MySQL-shared-3.23.41-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/MySQL-3.23.41-5.3mdk.src.rpm
        Mandrake Linux 8.1/IA64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-3.23.41-5.3mdk.ia64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-bench-3.23.41-5.3mdk.ia64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-client-3.23.41-5.3mdk.ia64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-devel-3.23.41-5.3mdk.ia64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/MySQL-shared-3.23.41-5.3mdk.ia64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/MySQL-3.23.41-5.3mdk.src.rpm
        Mandrake Linux 8.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmysql10-3.23.47-5.3mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmysql10-devel-3.23.47-5.3mdk.i

- Vulnerability information

9910
MySQL mysql_change_user() Double-free Memory Pointer DoS
Denial of Service
Loss of Availability Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2003-01-23 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.23.55 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MySQL Double Free Heap Corruption Vulnerability
Failure to Handle Exceptional Conditions 6718
Yes No
2003-01-29 12:00:00 2009-07-11 08:06:00
This vulnerability was reported in the MySQL 3.23.55 Changelog.

- Affected program versions

RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
MySQL AB MySQL 3.23.54 a
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ RedHat Linux 9.0 i386
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.52
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MySQL AB MySQL 3.23.47
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
MySQL AB MySQL 3.23.41
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
MySQL AB MySQL 3.23.36
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.31
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
Conectiva Linux 9.0
Conectiva Linux 8.0
Conectiva Linux 7.0
MySQL AB MySQL 3.23.55
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 1.5

- Unaffected program versions

MySQL AB MySQL 3.23.55
+ OpenPKG OpenPKG Current
+ Trustix Secure Linux 1.5

- Discussion

A vulnerability has been discovered in MySQL that may cause a denial of service. It has been reported that, under certain circumstances, a malicious MySQL client may be able to trigger a condition in which MySQL attempts to free the same memory twice.

For this situation to occur the MySQL client must have been logged into the server using legitimate credentials.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Conectiva has released an advisory (CLA-2003:743) to address this issue. Users are advised to download and apply the relevant fixes as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

EnGarde has made fixes available. See referenced advisory for further details.

Mandrake has made fixes available. See referenced advisory for fix information.

Trustix Secure Linux has released an advisory (TSLSA-2003-0003) which addresses this issue. Users are advised to upgrade as soon as possible.

Debian has released fixes for this issue. Links to upgraded packages are available in the attached advisory (DSA 303-1).

Red Hat has released an advisory (RHSA-2003:094) containing fixes to address this issue in Enterprise Linux and Linux Advanced Workstation. Fixes for these releases are only available through the Red Hat Network, and can be obtained using the following link:

http://rhn.redhat.com/

Fixes available:


MySQL AB MySQL 3.23.36

MySQL AB MySQL 3.23.41

MySQL AB MySQL 3.23.49

MySQL AB MySQL 3.23.52

MySQL AB MySQL 3.23.53

MySQL AB MySQL 3.23.54

MySQL AB MySQL 3.23.54 a

Conectiva Linux 7.0

Conectiva Linux 8.0

Conectiva Linux 9.0

- Related references

 

 
