CVE-2005-3325
CVSS7.5
发布时间 :2005-10-27 06:02:00
修订时间 :2012-07-03 00:00:00
NMCOPS    

[原文]Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.


[CNNVD]Basic Analysis And Security Engine Base_qry_main.PHP SQL 注入漏洞(CNNVD-200510-235)

        Instrusion Databases Analysis Console是一款于php的入侵检测数据库分析控制台。
        (1)Intrusion Databases (ACID) 0.9.6b20的Analysis Console 中的acid_qry_main.php和(2)Basic Analysis and Security Engine (BASE) 1.2中的base_qry_main.php ,以及这些产品中未明的其他控制台脚本存在多个SQL注入漏洞。远程攻击者可以借助sig[1]参数以及可能的其他参数,执行任意SQL指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-89 [SQL命令中使用的特殊元素转义处理不恰当(SQL注入)]

- CPE (受影响的平台与产品)

cpe:/a:secureideas:basic_analysis_and_security_engine:1.2secureideas BASE Basic Analysis and Security Engine 1.2
cpe:/a:acid:analysis_console_for_intrusion_databases:0.9.6b20

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3325
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3325
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-235
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/15199
(PATCH)  BID  15199
http://www.debian.org/security/2005/dsa-893
(PATCH)  DEBIAN  DSA-893
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788
(PATCH)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336788
http://www.vupen.com/english/advisories/2005/2188
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2188
http://www.osvdb.org/20837
(UNKNOWN)  OSVDB  20837
http://www.osvdb.org/20836
(UNKNOWN)  OSVDB  20836
http://secunia.com/advisories/17558
(VENDOR_ADVISORY)  SECUNIA  17558
http://secunia.com/advisories/17552
(VENDOR_ADVISORY)  SECUNIA  17552
http://secunia.com/advisories/17523
(VENDOR_ADVISORY)  SECUNIA  17523
http://secunia.com/advisories/17314
(VENDOR_ADVISORY)  SECUNIA  17314

- 漏洞信息

Basic Analysis And Security Engine Base_qry_main.PHP SQL 注入漏洞
高危 SQL注入
2005-10-27 00:00:00 2009-02-20 00:00:00
远程  
        Instrusion Databases Analysis Console是一款于php的入侵检测数据库分析控制台。
        (1)Intrusion Databases (ACID) 0.9.6b20的Analysis Console 中的acid_qry_main.php和(2)Basic Analysis and Security Engine (BASE) 1.2中的base_qry_main.php ,以及这些产品中未明的其他控制台脚本存在多个SQL注入漏洞。远程攻击者可以借助sig[1]参数以及可能的其他参数,执行任意SQL指令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ACID Acidlab 0.9.6
        Debian acidlab-doc_0.9.6b20-10.1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/a/acidlab/acidlab-doc_0.9.6b20-10.1_all.deb
        Debian acidlab-mysql_0.9.6b20-10.1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/a/acidlab/acidlab-mysql_0.9.6b20-10.1_all.deb
        Debian acidlab-pgsql_0.9.6b20-10.1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/a/acidlab/acidlab-pgsql_0.9.6b20-10.1_all.deb
        Debian acidlab_0.9.6b20-10.1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1_all.deb
        Debian acidlab_0.9.6b20-2.1_all.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1_all.deb
        BASE Basic Analysis and Security Engine 1.2
        BASE base-1.2.1.tar.gz
        http://prdownloads.sourceforge.net/secureideas/base-1.2.1.tar.gz?download

- 漏洞信息 (F41541)

Debian Linux Security Advisory 893-1 (PacketStormID:F41541)
2005-11-15 00:00:00
Debian  security.debian.org
advisory,sql injection
linux,debian
CVE-2005-3325
[点击下载]

Debian Security Advisory DSA 893-1 - Remco Verhoef has discovered a vulnerability in acidlab, Analysis Console for Intrusion Databases, and in acidbase, Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 893-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 14th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : acidlab
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3325
CERT advisory  : 
BugTraq ID     : 15199
Debian Bug     : 335998 336788

Remco Verhoef has discovered a vulnerability in acidlab, Analysis
Console for Intrusion Databases, and in acidbase, Basic Analysis and
Security Engine, which can be exploited by malicious users to conduct
SQL injection attacks.

The maintainers of Analysis Console for Intrusion Databases (ACID) in Debian,
of which BASE is a fork off, after a security audit of both BASE and ACID
have determined that the flaw found not only affected the base_qry_main.php (in
BASE) or acid_qry_main.php (in ACID) component but was also found in other
elements of the consoles due to improper parameter validation and filtering.

All the SQL injection bugs and Cross Site Scripting bugs found have been
fixed in the Debian package, closing all the different attack vendors detected.

For the old stable distribution (woody) this problem has been fixed in
version 0.9.6b20-2.1.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.6b20-10.1.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.6b20-13 and in version 1.2.1-1 of acidbase.

We recommend that you upgrade your acidlab and acidbase package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1.dsc
      Size/MD5 checksum:      696 cef50f8f32342dae4d4a636514b45d67
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1.diff.gz
      Size/MD5 checksum:    12025 9bd3d66dd5da335a2f6210fdabc71ffc
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20.orig.tar.gz
      Size/MD5 checksum:   108889 ca7719cfed424c5173cdcd37b6299199

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1_all.deb
      Size/MD5 checksum:   120294 145ddf686a744238b0aee2bec82cb89e


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1.dsc
      Size/MD5 checksum:      696 0bae590a4e21f77779ee5b904d5b7457
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1.diff.gz
      Size/MD5 checksum:   352092 02346f1d88573440afe79e8e3eca13a7
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20.orig.tar.gz
      Size/MD5 checksum:   108889 ca7719cfed424c5173cdcd37b6299199

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/acidlab/acidlab-doc_0.9.6b20-10.1_all.deb
      Size/MD5 checksum:   275994 0382bf72c1ac0121f196d26b0d8462fb
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab-mysql_0.9.6b20-10.1_all.deb
      Size/MD5 checksum:     4414 f78fc7c230991b9949cbd2eb5b0d54fc
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab-pgsql_0.9.6b20-10.1_all.deb
      Size/MD5 checksum:     4416 3eaec77032a2c3e5044f3c649e802a5f
    http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1_all.deb
      Size/MD5 checksum:   660860 9f6a40fc2f63e296c03029d04b92273c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDeF9qW5ql+IAeqTIRAoMGAJ93KLxTHWqBFxWot5vlvpi/YKiScwCfX8IX
LVV/kYmRwZf1rObi9Wsfj50=
=LvWx
-----END PGP SIGNATURE-----

    

- 漏洞信息

20304
Basic Analysis and Security Engine (BASE) base_qry_main.php sig[1] Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

Basic Analysis and Security Engine (BASE) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the base_qry_main.php script not properly sanitizing user-supplied input to the 'sig[1]' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- 时间线

2005-11-14 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.2.1 (kris) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Basic Analysis And Security Engine Base_qry_main.PHP SQL Injection Vulnerability
Input Validation Error 15199
Yes No
2005-10-25 12:00:00 2005-10-25 12:00:00
Remco Verhoef is credited with the discovery of this vulnerability.

- 受影响的程序版本

Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
BASE Basic Analysis and Security Engine 1.2
ACID Acidlab 0.9.6
BASE Basic Analysis and Security Engine 1.2.1

- 不受影响的程序版本

BASE Basic Analysis and Security Engine 1.2.1

- 漏洞讨论

Basic Analysis And Security Engine is prone to an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

- 漏洞利用

No exploit is required.

An example URI has been provided:

http://www.example.com/base/base_qry_main.php?new=1&sig[0]=%3D&sig[1]=[SQL]&submit=Query+DB

- 解决方案

Debian has released advisory DSA 893-1 and fixes to address this issue. Please see the referenced advisory for further information.

The vendor has released Basic Analysis and Security Engine version 1.2.1 to address this issue.


ACID Acidlab 0.9.6

BASE Basic Analysis and Security Engine 1.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站