CVE-2004-0957
CVSS6.8
发布时间 :2005-02-09 00:00:00
修订时间 :2016-12-07 21:59:38
NMCOPS    

[原文]Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.


[CNNVD]MySQL数据库未经授权的GRANT特权漏洞(CNNVD-200502-014)

        MYSQL是一个多线程的,结构化查询语言(SQL)数据库服务器。
        MySQL 3.23.58及更早版本中的未知漏洞,当本地用户对名称中含有"_"(下划线)的数据库拥有特权时,可对具有类似名称的其他数据库授予特权,这可让用户执行未经授权的活动。

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:3.23.50MySQL MySQL 3.23.50
cpe:/a:mysql:mysql:3.23.52MySQL MySQL 3.23.52
cpe:/a:mysql:mysql:3.23.51MySQL MySQL 3.23.51
cpe:/o:trustix:secure_linux:1.5Trustix Secure Linux 1.5
cpe:/a:mysql:mysql:3.23.54MySQL MySQL 3.23.54
cpe:/a:mysql:mysql:4.0.6MySQL MySQL 4.0.6
cpe:/a:mysql:mysql:3.23.53MySQL MySQL 3.23.53
cpe:/a:mysql:mysql:4.0.7MySQL MySQL 4.0.7
cpe:/a:mysql:mysql:3.23.56MySQL MySQL 3.23.56
cpe:/a:mysql:mysql:4.0.4MySQL MySQL 4.0.4
cpe:/a:mysql:mysql:3.23.55MySQL MySQL 3.23.55
cpe:/a:mysql:mysql:4.0.5MySQL MySQL 4.0.5
cpe:/a:mysql:mysql:3.23.58MySQL MySQL 3.23.58
cpe:/a:mysql:mysql:4.0.2MySQL MySQL 4.0.2
cpe:/a:mysql:mysql:4.0.3MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:4.0.0MySQL MySQL 4.0.0
cpe:/a:mysql:mysql:3.23.59MySQL MySQL 3.23.59
cpe:/a:mysql:mysql:4.0.1MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:3.21MySQL MySQL 3.21
cpe:/a:mysql:mysql:3.22MySQL MySQL 3.22
cpe:/a:mysql:mysql:3.20MySQL MySQL 3.20
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/a:mysql:mysql:3.23MySQL MySQL 3.23
cpe:/a:mysql:mysql:3.23.41MySQL MySQL 3.23.41
cpe:/a:mysql:mysql:3.23.40MySQL MySQL 3.23.40
cpe:/a:mysql:mysql:3.23.43MySQL MySQL 3.23.43
cpe:/a:mysql:mysql:3.23.42MySQL MySQL 3.23.42
cpe:/a:mysql:mysql:3.23.45MySQL MySQL 3.23.45
cpe:/a:mysql:mysql:3.23.44MySQL MySQL 3.23.44
cpe:/a:mysql:mysql:3.23.47MySQL MySQL 3.23.47
cpe:/a:mysql:mysql:3.23.46MySQL MySQL 3.23.46
cpe:/a:mysql:mysql:3.23.49MySQL MySQL 3.23.49
cpe:/a:mysql:mysql:3.23.48MySQL MySQL 3.23.48
cpe:/a:mysql:mysql:3.23.54aMySQL MySQL 3.23.54a
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/a:mysql:mysql:4.0.9:gammaMySQL MySQL 4.0.9 gamma
cpe:/a:mysql:mysql:4.0.11:gammaMySQL MySQL 4.0.11 gamma
cpe:/a:mysql:mysql:4.0.8:gammaMySQL MySQL 4.0.8 gamma
cpe:/a:mysql:mysql:3.22.26MySQL MySQL 3.22.26
cpe:/a:mysql:mysql:3.23.3MySQL MySQL 3.23.3
cpe:/a:mysql:mysql:3.23.2MySQL MySQL 3.23.2
cpe:/a:mysql:mysql:3.23.5MySQL MySQL 3.23.5
cpe:/a:mysql:mysql:3.23.4MySQL MySQL 3.23.4
cpe:/a:mysql:mysql:4.0.7:gammaMySQL MySQL 4.0.7 gamma
cpe:/a:mysql:mysql:3.23.9MySQL MySQL 3.23.9
cpe:/a:mysql:mysql:3.23.8MySQL MySQL 3.23.8
cpe:/a:mysql:mysql:3.20.32aMySQL MySQL 3.20.32a
cpe:/a:mysql:mysql:3.23.53aMySQL MySQL 3.23.53a
cpe:/a:mysql:mysql:3.22.29MySQL MySQL 3.22.29
cpe:/a:mysql:mysql:3.22.28MySQL MySQL 3.22.28
cpe:/a:mysql:mysql:3.22.27MySQL MySQL 3.22.27
cpe:/a:mysql:mysql:3.23.28:gammaMySQL MySQL 3.23.28 gamma
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:mysql:mysql:3.23.10MySQL MySQL 3.23.10
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:openpkg:openpkg:current
cpe:/a:openpkg:openpkg:2.1OpenPKG 2.1
cpe:/a:openpkg:openpkg:2.2OpenPKG 2.2
cpe:/a:mysql:mysql:4.0.5aMySQL MySQL 4.0.5a
cpe:/o:suse:suse_linux:9.2SuSE SuSE Linux 9.2
cpe:/a:mysql:mysql:3.22.32MySQL MySQL 3.22.32
cpe:/a:mysql:mysql:3.22.30MySQL MySQL 3.22.30
cpe:/o:suse:suse_linux:9.0SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:9.1SuSE SuSE Linux 9.1
cpe:/a:mysql:mysql:4.0.20MySQL MySQL 4.0.20
cpe:/a:mysql:mysql:3.23.30MySQL MySQL 3.23.30
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:mysql:mysql:3.23.32MySQL MySQL 3.23.32
cpe:/a:mysql:mysql:3.23.31MySQL MySQL 3.23.31
cpe:/a:mysql:mysql:3.23.34MySQL MySQL 3.23.34
cpe:/a:mysql:mysql:3.23.33MySQL MySQL 3.23.33
cpe:/a:mysql:mysql:3.23.36MySQL MySQL 3.23.36
cpe:/a:mysql:mysql:3.23.38MySQL MySQL 3.23.38
cpe:/a:mysql:mysql:3.23.37MySQL MySQL 3.23.37
cpe:/o:trustix:secure_linux:2.1Trustix Secure Linux 2.1
cpe:/a:mysql:mysql:3.23.39MySQL MySQL 3.23.39
cpe:/o:trustix:secure_linux:2.0Trustix Secure Linux 2.0
cpe:/a:mysql:mysql:4.0.10MySQL MySQL 4.0.10
cpe:/a:mysql:mysql:4.0.15MySQL MySQL 4.0.15
cpe:/a:mysql:mysql:4.0.18MySQL MySQL 4.0.18
cpe:/a:mysql:mysql:4.0.12MySQL MySQL 4.0.12
cpe:/a:mysql:mysql:4.0.11MySQL MySQL 4.0.11
cpe:/a:mysql:mysql:4.0.14MySQL MySQL 4.0.14
cpe:/a:mysql:mysql:4.0.8MySQL MySQL 4.0.8
cpe:/a:mysql:mysql:4.0.13MySQL MySQL 4.0.13
cpe:/a:mysql:mysql:4.0.9MySQL MySQL 4.0.9
cpe:/a:mysql:mysql:3.23.23MySQL MySQL 3.23.23
cpe:/a:mysql:mysql:3.23.22MySQL MySQL 3.23.22
cpe:/a:mysql:mysql:3.23.25MySQL MySQL 3.23.25
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/a:mysql:mysql:3.23.24MySQL MySQL 3.23.24
cpe:/a:mysql:mysql:3.23.27MySQL MySQL 3.23.27
cpe:/a:mysql:mysql:3.23.26MySQL MySQL 3.23.26
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/a:mysql:mysql:3.23.29MySQL MySQL 3.23.29
cpe:/a:mysql:mysql:3.23.28MySQL MySQL 3.23.28
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/o:suse:suse_linux:8.2SuSE SuSE Linux 8.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0957
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0957
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-014
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
(UNKNOWN)  CONECTIVA  CLA-2005:947
http://www.ciac.org/ciac/bulletins/p-018.shtml
(UNKNOWN)  CIAC  P-018
http://www.debian.org/security/2005/dsa-707
(UNKNOWN)  DEBIAN  DSA-707
http://www.mandriva.com/security/advisories?name=MDKSA-2005:070
(UNKNOWN)  MANDRAKE  MDKSA-2005:070
http://www.redhat.com/support/errata/RHSA-2004-597.html
(UNKNOWN)  REDHAT  RHSA-2004:597
http://www.redhat.com/support/errata/RHSA-2004-611.html
(UNKNOWN)  REDHAT  RHSA-2004:611
http://xforce.iss.net/xforce/xfdb/17783
(VENDOR_ADVISORY)  XF  mysql-underscore-gain-priv(17783)
https://www.ubuntu.com/usn/usn-32-1/
(UNKNOWN)  UBUNTU  USN-32-1

- 漏洞信息

MySQL数据库未经授权的GRANT特权漏洞
中危 访问验证错误
2005-02-09 00:00:00 2006-03-28 00:00:00
远程  
        MYSQL是一个多线程的,结构化查询语言(SQL)数据库服务器。
        MySQL 3.23.58及更早版本中的未知漏洞,当本地用户对名称中含有"_"(下划线)的数据库拥有特权时,可对具有类似名称的其他数据库授予特权,这可让用户执行未经授权的活动。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        MySQL AB MySQL 3.23.49
        Debian libmysqlclient10-dev_3.23.49-8.11_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_alpha.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_arm.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_hppa.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_i386.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_ia64.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_m68k.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_mips.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_mipsel.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_powerpc.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_s390.deb
        Debian libmysqlclient10-dev_3.23.49-8.11_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10- dev_3.23.49-8.11_sparc.deb
        Debian libmysqlclient10_3.23.49-8.11_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_alpha.deb
        Debian libmysqlclient10_3.23.49-8.11_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_arm.deb
        Debian libmysqlclient10_3.23.49-8.11_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_hppa.deb
        Debian libmysqlclient10_3.23.49-8.11_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_i386.deb
        Debian libmysqlclient10_3.23.49-8.11_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_ia64.deb
        Debian libmysqlclient10_3.23.49-8.11_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_m68k.deb
        Debian libmysqlclient10_3.23.49-8.11_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_mips.deb
        Debian libmysqlclient10_3.23.49-8.11_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_mipsel.deb
        Debian libmysqlclient10_3.23.49-8.11_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_powerpc.deb
        Debian libmysqlclient10_3.23.49-8.11_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_s390.deb
        Debian libmysqlclient10_3.23.49-8.11_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_ 3.23.49-8.11_sparc.deb
        Debian mysql-client_3.23.49-8.11_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_alpha.deb
        Debian mysql-client_3.23.49-8.11_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_arm.deb
        Debian mysql-client_3.23.49-8.11_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_hppa.deb
        Debian mysql-client_3.23.49-8.11_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_i386.deb
        Debian mysql-client_3.23.49-8.11_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_ia64.deb
        Debian mysql-client_3.23.49-8.11_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_m68k.deb
        Debian mysql-client_3.23.49-8.11_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_mips.deb
        Debian mysql-client_3.23.49-8.11_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_mipsel.deb
        Debian mysql-client_3.23.49-8.11_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_powerpc.deb
        Debian mysql-client_3.23.49-8.11_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_s390.deb
        Debian mysql-client_3.23.49-8.11_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23 .49-8.11_sparc.deb
        

- 漏洞信息 (F37204)

dsa-707.txt (PacketStormID:F37204)
2005-04-19 00:00:00
 
advisory,arbitrary
linux,debian
CVE-2004-0957,CVE-2005-0957,CVE-2005-0709,CVE-2005-0710,CVE-2005-0711
[点击下载]

Debian Security Advisory 707-1. Multiple issues with MySQL, including: incorrect privilege handling (users get illegitimate access to databases named similarly to those they have legitimate access to), arbitrary command execution for any user that has been granted INSERT and DELETE rights, and race conditions due to predictable tempfile naming schemes.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 707-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 13th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mysql
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0957
BugTraq ID     : 12781
Debian Bug     : 285276 296674 300158

Several vulnerabilities have been discovered in MySQL, a popular
database.  The Common Vulnerabilities and Exposures project identifies
the following problems:

CAN-2004-0957

    Sergei Golubchik discovered a problem in the access handling for
    similar named databases.  If a user is granted privileges to a
    database with a name containing an underscore ("_"), the user also
    gains privileges to other databases with similar names.

CAN-2005-0709

    Stefano Di Paola discovered that MySQL allows remote
    authenticated users with INSERT and DELETE privileges to execute
    arbitrary code by using CREATE FUNCTION to access libc calls.

CAN-2005-0710

    Stefano Di Paola discovered that MySQL allows remote authenticated
    users with INSERT and DELETE privileges to bypass library path
    restrictions and execute arbitrary libraries by using INSERT INTO
    to modify the mysql.func table.

CAN-2005-0711

   Stefano Di Paola discovered that MySQL uses predictable file names
   when creating temporary tables, which allows local users with
   CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via
   a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 3.23.49-8.11.

For the unstable distribution (sid) these problems have been fixed in
version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of
mysql-dfsg-4.1.

We recommend that you upgrade your mysql packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.dsc
      Size/MD5 checksum:      877 df2d85bd322eb6d42287127aa911b07e
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.diff.gz
      Size/MD5 checksum:    84421 13e0ec8441a97408ed4d0ab47981a333
    http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
      Size/MD5 checksum: 11861035 a2820d81997779a9fdf1f4b3c321564a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.11_all.deb
      Size/MD5 checksum:    18094 578cfd9bbf7930981efc682c8e51b549
    http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
      Size/MD5 checksum:  1962992 a4cacebaadf9d5988da0ed1a336b48e6

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_alpha.deb
      Size/MD5 checksum:   279398 3971a1aa23bde9baefeb5784ef0ade3a
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_alpha.deb
      Size/MD5 checksum:   780772 97e71d14a7a1d4dd21ed5deab8dd545e
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_alpha.deb
      Size/MD5 checksum:   164748 7162245a011bed2fe08d0de4f95cc4e1
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_alpha.deb
      Size/MD5 checksum:  3636734 66c25c69c3579a9d69cd5b258ff5aaee

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_arm.deb
      Size/MD5 checksum:   239882 4472b428cbb26a752ac0e81b051cf628
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_arm.deb
      Size/MD5 checksum:   636536 ca50af2c717731c69542d5724a47fdf6
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_arm.deb
      Size/MD5 checksum:   125156 e72c65ef2ec3bb5d2a4a98263ccadb2b
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_arm.deb
      Size/MD5 checksum:  2808394 49c9bfb44afb893144171137b98eed12

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_i386.deb
      Size/MD5 checksum:   236058 a166e82ba1b7444bf86273f6e2d06022
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_i386.deb
      Size/MD5 checksum:   578064 a95797aa335d8f09ec119c553a766b08
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_i386.deb
      Size/MD5 checksum:   123672 3bd8648dd73e9f8f435029907d7d8a32
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_i386.deb
      Size/MD5 checksum:  2802056 dd4a223b162e6e13e0517220cc756fd3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_ia64.deb
      Size/MD5 checksum:   316690 8c537c85c8485fc053b05aa7647e9c95
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_ia64.deb
      Size/MD5 checksum:   850412 9b580b32697b20bd420682e2da02b55a
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_ia64.deb
      Size/MD5 checksum:   174958 4529edb2a8ed5275b858ddda14cafc9c
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_ia64.deb
      Size/MD5 checksum:  4001168 dffcaa4ea670a963c2e1c87f86ca790b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_hppa.deb
      Size/MD5 checksum:   282304 3192982a2bf0d1f4b4c898ffa45ee977
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_hppa.deb
      Size/MD5 checksum:   745680 1746b48072bcc93c4588d1e6f0c12b44
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_hppa.deb
      Size/MD5 checksum:   141770 b497d2bdd7032816a696985a65e32174
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_hppa.deb
      Size/MD5 checksum:  3516268 216cbce37769115fe9d393b9193f4ad5

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_m68k.deb
      Size/MD5 checksum:   229238 0c5ae0cdfb69ee2e8eaff52119bbfdf5
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_m68k.deb
      Size/MD5 checksum:   559260 11b3be08f6cd4c916a56349908e73bc7
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_m68k.deb
      Size/MD5 checksum:   119552 291df2ccd20afd3ba5b426bc232e1681
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_m68k.deb
      Size/MD5 checksum:  2648664 32253029744281d67cc32516d4415a7b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mips.deb
      Size/MD5 checksum:   252512 9f0d13488d1ef1d46b1cf954247c5d73
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mips.deb
      Size/MD5 checksum:   690782 65245ff95983c58c49e5675e61ee3629
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mips.deb
      Size/MD5 checksum:   135060 5382f4e78411fcb8364df226d27b6480
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mips.deb
      Size/MD5 checksum:  2850534 1f6cbd34b484d6f57259c9c10d49c643

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mipsel.deb
      Size/MD5 checksum:   252176 fe3be8acd75ccb1206d32b66f4a7f696
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mipsel.deb
      Size/MD5 checksum:   690178 9bc96dee918e627234f5aba08e8ed174
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mipsel.deb
      Size/MD5 checksum:   135402 219d4706babc06c8995c8674687bdd3b
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mipsel.deb
      Size/MD5 checksum:  2840476 f9feb1a4254acb12cd974fe7abdd7430

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_powerpc.deb
      Size/MD5 checksum:   249246 d2433c23f8a83fbb7cfabaa7f1996ba0
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_powerpc.deb
      Size/MD5 checksum:   654366 fc5f0eb155c521a8a2f2a621c58026ef
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_powerpc.deb
      Size/MD5 checksum:   130604 06d0a734db8a480d31acfff1a032a1b2
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_powerpc.deb
      Size/MD5 checksum:  2825402 7cb05dadadbdf7b2aeaebff9b1c57bdd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_s390.deb
      Size/MD5 checksum:   251522 0b0425e22e503cca3044457d1afb96a0
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_s390.deb
      Size/MD5 checksum:   609212 f2e48ad9b41cd1aed57b0cf06a350c51
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_s390.deb
      Size/MD5 checksum:   127578 e716610259ca1a56a5cc709bb0f39d8f
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_s390.deb
      Size/MD5 checksum:  2692988 dc5da2e28c240fc7cd5d7a57038324c4

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_sparc.deb
      Size/MD5 checksum:   242480 7fdfd764be3bc3eaccb2370b6d55f501
    http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_sparc.deb
      Size/MD5 checksum:   617570 900be3d64a19cc29f7e20449a3cb95e0
    http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_sparc.deb
      Size/MD5 checksum:   131548 890954cb23d89714d7645fa60587854c
    http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_sparc.deb
      Size/MD5 checksum:  2942040 5f234f648e9d269ca3df7167536bd2ae


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCXTBsW5ql+IAeqTIRAqe7AJ43f0oqBefOL1Il+OK4u4IkUD2PQgCfcq76
uT5622whCYqRR/Irsz2E7I8=
=7FKX
-----END PGP SIGNATURE-----

    

- 漏洞信息

10959
MySQL GRANT ALL ON Privilege Escalation
Remote / Network Access Authentication Management
Loss of Confidentiality, Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

MySQL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when that users is given GRANT privileges on a database whose name contains an underscore, i.e. database_name. The underscore is treated as a wildcard; continuing the example, the user would then have GRANT privileges on database1name, databaseZname, etc. This flaw may lead to a loss of confidentiality and/or integrity.

- 时间线

2004-05-29 Unknow
2004-05-29 Unknow

- 解决方案

Upgrade to version 4.0.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MySQL Database Unauthorized GRANT Privilege Vulnerability
Access Validation Error 11435
Yes No
2004-09-06 12:00:00 2009-07-12 07:07:00
This vulnerability was reported to the vendor by Sergei Golubchik.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
SCO Unixware 7.1.4
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 3
RedHat Desktop 3.0
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG Current
MySQL AB MySQL 4.0.20
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
MySQL AB MySQL 4.0.18
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
MySQL AB MySQL 4.0.15
MySQL AB MySQL 4.0.14
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11 -gamma
MySQL AB MySQL 4.0.11
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.9 -gamma
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8 -gamma
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7 -gamma
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5 a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 3.23.59
MySQL AB MySQL 3.23.58
+ Conectiva Linux 9.0
+ Red Hat Enterprise Linux AS 2.1
+ Red Hat Fedora Core2
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
MySQL AB MySQL 3.23.56
MySQL AB MySQL 3.23.55
MySQL AB MySQL 3.23.54 a
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ RedHat Linux 9.0 i386
MySQL AB MySQL 3.23.54
+ Sun Cobalt RaQ 550
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
+ OpenPKG OpenPKG Current
+ Sun Cobalt Qube 3
MySQL AB MySQL 3.23.52
+ Conectiva Linux Enterprise Edition 1.0
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.49
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MySQL AB MySQL 3.23.48
MySQL AB MySQL 3.23.47
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
MySQL AB MySQL 3.23.46
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.39
+ HP SCM 3.0
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
MySQL AB MySQL 3.23.36
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.34
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
MySQL AB MySQL 3.23.33
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
MySQL AB MySQL 3.23.32
+ Wirex Immunix OS 7+
MySQL AB MySQL 3.23.31
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28 gamma
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.22
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Trustix Secure Linux 1.5
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.3
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23 .x
MySQL AB MySQL 3.22.32
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.22 .x
MySQL AB MySQL 3.21 .x
MySQL AB MySQL 3.20.32 a
MySQL AB MySQL 3.20 .x
MySQL AB MySQL 4.0.21

- 不受影响的程序版本

MySQL AB MySQL 4.0.21

- 漏洞讨论

It is reported that MySQL is susceptible to an unauthorized database GRANT privilege vulnerability. This issue is due to a failure of the application to ensure that users have sufficient privileges to issue the GRANT command.

By exploiting this vulnerability, attackers may reportedly be able to gain unauthorized access to databases. This may allow them to read or modify the contents of potentially sensitive databases located on the same database server.

Versions of MySQL prior to 4.0.21 are reported vulnerable to this issue.

- 漏洞利用

An exploit is not required.

- 解决方案

The vendor has made an upgrade available that resolves this issue.

Trustix Secure Linux has made advisory TSLSA-2004-0054, along with fixes available to address this issue. Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2004:611-04 along with fixes to address various issues in MySQL for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

OpenPKG has released advisory OpenPKG-SA-2004.045 to address various issues in MySQL. Please see the referenced advisory for further information.

SuSE has released a security summary report (SUSE-SR:2004:001) to address this and other issues. The report indicates that a fix for this issue is available on the SuSE FTP server and also through the YaST Online Update utility. Customers are advised to peruse the referenced advisory for further details regarding obtaining and applying appropriate fixes.

Ubuntu Linux has released advisory USN-32-1 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

RedHat Fedora has made an advisory available (FEDORA-2004-530) dealing with this and other issues. Please see the referenced advisory for more information.

TurboLinux has released Security Announcement 17/Feb/2005 dealing with this and other issues; please see the reference section for more information.

A Fedora Legacy advisory FLSA:2129 is available to address this issue in Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 for the i386 architecture. Please see the referenced advisory for more information.

Ubuntu has released another advisory USN-109-1 to address this issue. Please see the referenced advisory for more information.

Mandrake Linux has released advisory MDKSA-2005:070 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Debian Linux has released advisory DSA 707-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2005:947 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SCO has released advisory SCOSA-2005.27, along with fixes to address this issue for SCO UnixWare 7.1.4. Please see the referenced advisory for further information.


MySQL AB MySQL 3.23.49

MySQL AB MySQL 3.23.52

MySQL AB MySQL 3.23.54 a

MySQL AB MySQL 3.23.58

MySQL AB MySQL 4.0 .0

MySQL AB MySQL 4.0.1

MySQL AB MySQL 4.0.10

MySQL AB MySQL 4.0.11 -gamma

MySQL AB MySQL 4.0.11

MySQL AB MySQL 4.0.13

MySQL AB MySQL 4.0.18

MySQL AB MySQL 4.0.2

MySQL AB MySQL 4.0.20

MySQL AB MySQL 4.0.3

MySQL AB MySQL 4.0.4

MySQL AB MySQL 4.0.5

MySQL AB MySQL 4.0.6

MySQL AB MySQL 4.0.7 -gamma

MySQL AB MySQL 4.0.7

MySQL AB MySQL 4.0.8 -gamma

MySQL AB MySQL 4.0.8

MySQL AB MySQL 4.0.9 -gamma

SCO Unixware 7.1.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站