CVE-2006-1517
CVSS 5.0
Published: 2006-05-05 08:46:00
Last revised: 2011-03-07 21:33:14

[Original] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.


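[CNNVD] MySQL remote information disclosure and buffer overflow vulnerability (CNNVD-200605-083)

        MySQL is a very widely used open-source relational database system, with builds available for a wide range of platforms.
        A vulnerability in sql_parse.cc in MySQL may lead to disclosure of memory contents or compromise of the system by a malicious user (an anonymous-user login information disclosure vulnerability). By crafting a malformed login packet, an attacker can exploit this vulnerability so that the database name in the information returned by the database is filled with uninitialized memory contents, resulting in information disclosure.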
        

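- CVSS (Base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]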

- CPE (Affected platforms and products)

cpe:/a:mysql:mysql:4.1.14  MySQL MySQL 4.1.14
cpe:/a:mysql:mysql:4.0.8:gamma  MySQL MySQL 4.0.8 gamma
cpe:/a:mysql:mysql:4.0.21  MySQL MySQL 4.0.21
cpe:/a:mysql:mysql:5.0.15  MySQL MySQL 5.0.15
cpe:/a:mysql:mysql:4.1.13  MySQL MySQL 4.1.13
cpe:/a:mysql:mysql:4.1.18  MySQL MySQL 4.1.18
cpe:/a:mysql:mysql:5.0.6  MySQL MySQL 5.0.6
cpe:/a:mysql:mysql:4.1.10  MySQL MySQL 4.1.10
cpe:/a:mysql:mysql:5.0.5  MySQL MySQL 5.0.5
cpe:/a:mysql:mysql:4.1.6  MySQL MySQL 4.1.6
cpe:/a:mysql:mysql:4.0.3  MySQL MySQL 4.0.3
cpe:/a:mysql:mysql:4.0.2  MySQL MySQL 4.0.2
cpe:/a:mysql:mysql:4.1.15  MySQL MySQL 4.1.15
cpe:/a:mysql:mysql:5.0.1  MySQL MySQL 5.0.1
cpe:/a:mysql:mysql:4.1.3  MySQL MySQL 4.1.3
cpe:/a:mysql:mysql:4.1  MySQL MySQL 4.1
cpe:/a:mysql:mysql:4.1.2:alpha  MySQL MySQL 4.1.2 alpha
cpe:/a:mysql:mysql:4.0.4  MySQL MySQL 4.0.4
cpe:/a:mysql:mysql:4.0.11  MySQL MySQL 4.0.11
cpe:/a:mysql:mysql:4.0.7  MySQL MySQL 4.0.7
cpe:/a:mysql:mysql:4.0.6  MySQL MySQL 4.0.6
cpe:/a:mysql:mysql:4.1.16  MySQL MySQL 4.1.16
cpe:/a:mysql:mysql:4.0.26  MySQL MySQL 4.0.26
cpe:/a:mysql:mysql:4.0.18  MySQL MySQL 4.0.18
cpe:/a:mysql:mysql:4.0.7:gamma  MySQL MySQL 4.0.7 gamma
cpe:/a:mysql:mysql:5.0.14  MySQL MySQL 5.0.14
cpe:/a:mysql:mysql:4.1.0.0  MySQL MySQL 4.1.0.0
cpe:/a:mysql:mysql:4.1.4  MySQL MySQL 4.1.4
cpe:/a:mysql:mysql:5.0.16  MySQL MySQL 5.0.16
cpe:/a:mysql:mysql:4.0.5  MySQL MySQL 4.0.5
cpe:/a:mysql:mysql:4.1.7  MySQL MySQL 4.1.7
cpe:/a:mysql:mysql:5.0.18  MySQL MySQL 5.0.18
cpe:/a:mysql:mysql:5.0.7  MySQL MySQL 5.0.7
cpe:/a:mysql:mysql:4.0.19  MySQL MySQL 4.0.19
cpe:/a:mysql:mysql:5.0.17  MySQL MySQL 5.0.17
cpe:/a:mysql:mysql:4.0.17  MySQL MySQL 4.0.17
cpe:/a:mysql:mysql:4.0.15  MySQL MySQL 4.0.15
cpe:/a:mysql:mysql:4.0.16  MySQL MySQL 4.0.16
cpe:/a:mysql:mysql:4.1.12  MySQL MySQL 4.1.12
cpe:/a:mysql:mysql:4.0.10  MySQL MySQL 4.0.10
cpe:/a:mysql:mysql:5.0.3  MySQL MySQL 5.0.3
cpe:/a:mysql:mysql:5.0.12  MySQL MySQL 5.0.12
cpe:/a:mysql:mysql:5.0.10  MySQL MySQL 5.0.10
cpe:/a:mysql:mysql:4.0.23  MySQL MySQL 4.0.23
cpe:/a:mysql:mysql:4.0.11:gamma  MySQL MySQL 4.0.11 gamma
cpe:/a:mysql:mysql:4.1.10a  MySQL MySQL 4.1.10a
cpe:/a:mysql:mysql:4.0.9  MySQL MySQL 4.0.9
cpe:/a:mysql:mysql:5.0.9  MySQL MySQL 5.0.9
cpe:/a:mysql:mysql:4.0.12  MySQL MySQL 4.0.12
cpe:/a:mysql:mysql:4.1.17  MySQL MySQL 4.1.17
cpe:/a:mysql:mysql:5.0.0:alpha  MySQL MySQL 5.0.0 alpha
cpe:/a:mysql:mysql:5.0  MySQL 5.0
cpe:/a:mysql:mysql:4.0.9:gamma  MySQL MySQL 4.0.9 gamma
cpe:/a:mysql:mysql:4.0.25  MySQL MySQL 4.0.25
cpe:/a:mysql:mysql:5.0.3:beta  MySQL MySQL 5.0.3 Beta
cpe:/a:mysql:mysql:5.0.0.0  MySQL MySQL 5.0.0.0
cpe:/a:mysql:mysql:4.1.0:alpha  MySQL MySQL 4.1.0 alpha
cpe:/a:mysql:mysql:5.0.4  MySQL MySQL 5.0.4
cpe:/a:mysql:mysql:4.0.5a  MySQL MySQL 4.0.5a
cpe:/a:mysql:mysql:4.0.0  MySQL MySQL 4.0.0
cpe:/a:mysql:mysql:5.0.13  MySQL MySQL 5.0.13
cpe:/a:mysql:mysql:4.0.24  MySQL MySQL 4.0.24
cpe:/a:mysql:mysql:4.0.20  MySQL MySQL 4.0.20
cpe:/a:mysql:mysql:4.1.9  MySQL MySQL 4.1.9
cpe:/a:mysql:mysql:5.0.8  MySQL MySQL 5.0.8
cpe:/a:mysql:mysql:5.0.2  MySQL MySQL 5.0.2
cpe:/a:mysql:mysql:4.1.3:beta  MySQL MySQL 4.1.3 beta
cpe:/a:mysql:mysql:4.1.8  MySQL MySQL 4.1.8
cpe:/a:mysql:mysql:4.0.14  MySQL MySQL 4.0.14
cpe:/a:mysql:mysql:4.1.11  MySQL MySQL 4.1.11
cpe:/a:mysql:mysql:5.0.11  MySQL MySQL 5.0.11
cpe:/a:mysql:mysql:4.1.5  MySQL MySQL 4.1.5
cpe:/a:mysql:mysql:4.0.1  MySQL MySQL 4.0.1
cpe:/a:mysql:mysql:4.0.8  MySQL MySQL 4.0.8
cpe:/a:mysql:mysql:4.0.13  MySQL MySQL 4.0.13

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:11036  sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the relevant OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1517
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-083
(Official data source) CNNVD

- Other links and resources

http://www.us-cert.gov/cas/techalerts/TA07-072A.html
(UNKNOWN)  CERT  TA07-072A
http://www.wisec.it/vulns.php?page=8
(PATCH)  MISC  http://www.wisec.it/vulns.php?page=8
http://securitytracker.com/id?1016016
(PATCH)  SECTRACK  1016016
http://secunia.com/advisories/19929
(VENDOR_ADVISORY)  SECUNIA  19929
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
(PATCH)  CONFIRM  http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939
(PATCH)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939
http://www.vupen.com/english/advisories/2008/1326/references
(UNKNOWN)  VUPEN  ADV-2008-1326
http://www.vupen.com/english/advisories/2007/0930
(UNKNOWN)  VUPEN  ADV-2007-0930
http://www.vupen.com/english/advisories/2006/1633
(UNKNOWN)  VUPEN  ADV-2006-1633
http://www.securityfocus.com/archive/1/archive/1/432734/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution.
http://xforce.iss.net/xforce/xfdb/26228
(UNKNOWN)  XF  mysql-sqlparcecc-information-disclosure(26228)
http://www.ubuntulinux.org/support/documentation/usn/usn-283-1
(UNKNOWN)  UBUNTU  USN-283-1
http://www.trustix.org/errata/2006/0028
(UNKNOWN)  TRUSTIX  2006-0028
http://www.securityfocus.com/bid/17780
(UNKNOWN)  BID  17780
http://www.securityfocus.com/archive/1/archive/1/434164/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage
http://www.redhat.com/support/errata/RHSA-2006-0544.html
(UNKNOWN)  REDHAT  RHSA-2006:0544
http://www.osvdb.org/25228
(UNKNOWN)  OSVDB  25228
http://www.novell.com/linux/security/advisories/2006-06-02.html
(UNKNOWN)  SUSE  SUSE-SR:2006:012
http://www.mandriva.com/security/advisories?name=MDKSA-2006:084
(UNKNOWN)  MANDRIVA  MDKSA-2006:084
http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml
(UNKNOWN)  GENTOO  GLSA-200605-13
http://www.debian.org/security/2006/dsa-1079
(UNKNOWN)  DEBIAN  DSA-1079
http://www.debian.org/security/2006/dsa-1073
(UNKNOWN)  DEBIAN  DSA-1073
http://www.debian.org/security/2006/dsa-1071
(UNKNOWN)  DEBIAN  DSA-1071
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1
(UNKNOWN)  SUNALERT  236703
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377
(UNKNOWN)  SLACKWARE  SSA:2006-155-01
http://securityreason.com/securityalert/839
(UNKNOWN)  SREASON  839
http://secunia.com/advisories/29847
(UNKNOWN)  SECUNIA  29847
http://secunia.com/advisories/24479
(UNKNOWN)  SECUNIA  24479
http://secunia.com/advisories/20762
(UNKNOWN)  SECUNIA  20762
http://secunia.com/advisories/20625
(UNKNOWN)  SECUNIA  20625
http://secunia.com/advisories/20457
(UNKNOWN)  SECUNIA  20457
http://secunia.com/advisories/20424
(UNKNOWN)  SECUNIA  20424
http://secunia.com/advisories/20333
(UNKNOWN)  SECUNIA  20333
http://secunia.com/advisories/20253
(UNKNOWN)  SECUNIA  20253
http://secunia.com/advisories/20241
(UNKNOWN)  SECUNIA  20241
http://secunia.com/advisories/20223
(UNKNOWN)  SECUNIA  20223
http://secunia.com/advisories/20076
(UNKNOWN)  SECUNIA  20076
http://secunia.com/advisories/20073
(UNKNOWN)  SECUNIA  20073
http://secunia.com/advisories/20002
(UNKNOWN)  SECUNIA  20002
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html
(UNKNOWN)  SUSE  SUSE-SA:2006:036
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
(UNKNOWN)  APPLE  APPLE-SA-2007-03-13
http://docs.info.apple.com/article.html?artnum=305214
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=305214

- Vulnerability information

MySQL remote information disclosure and buffer overflow vulnerability
Medium  Insufficient information
2006-05-05 00:00:00 2013-01-08 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.21.tar.gz/from/pick

- Vulnerability information (F46615)

Debian Linux Security Advisory 1073-1 (PacketStormID:F46615)
2006-05-24 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-0903,CVE-2006-1516,CVE-2006-1517,CVE-2006-1518

Debian Security Advisory 1073-1 - Several vulnerabilities have been discovered in MySQL, a popular SQL database.

--------------------------------------------------------------------------
Debian Security Advisory DSA 1073-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 22nd, 2006                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mysql-dfsg-4.1
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
CERT advisory  : VU#602457
BugTraq IDs    : 16850 17780
Debian Bugs    : 366043 366048 366162

Several vulnerabilities have been discovered in MySQL, a popular SQL
database.  The Common Vulnerabilities and Exposures Project identifies
the following problems:

CVE-2006-0903

    Improper handling of SQL queries containing the NULL character
    allow local users to bypass logging mechanisms.

CVE-2006-1516

    Usernames without a trailing null byte allow remote attackers to
    read portions of memory.

CVE-2006-1517

    A request with an incorrect packet length allows remote attackers
    to obtain sensitive information.

CVE-2006-1518

    Specially crafted request packets with invalid length values allow
    the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                   woody            sarge            sid
mysql            3.23.49-8.15        n/a             n/a
mysql-dfsg          n/a         4.0.24-10sarge2      n/a
mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
mysql-dfsg-5.0      n/a              n/a           5.0.21-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information (F46578)

Debian Linux Security Advisory 1071-1 (PacketStormID:F46578)
2006-05-23 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-0903,CVE-2006-1516,CVE-2006-1517,CVE-2006-1518

Debian Security Advisory 1071-1 - Several vulnerabilities have been discovered in MySQL, a popular SQL database.

--------------------------------------------------------------------------
Debian Security Advisory DSA 1071-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 22nd, 2006                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mysql
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518
BugTraq ID     : 16850 17780
Debian Bugs    : 366044 366049 366163 

Several vulnerabilities have been discovered in MySQL, a popular SQL
database.  The Common Vulnerabilities and Exposures Project identifies
the following problems:

CVE-2006-0903

    Improper handling of SQL queries containing the NULL character
    allow local users to bypass logging mechanisms.

CVE-2006-1516

    Usernames without a trailing null byte allow remote attackers to
    read portions of memory.

CVE-2006-1517

    A request with an incorrect packet length allows remote attackers
    to obtain sensitive information.

CVE-2006-1518

    Specially crafted request packets with invalid length values allow
    the execution of arbitrary code.

The following vulnerability matrix shows which version of MySQL in
which distribution has this problem fixed:

                   woody            sarge            sid
mysql            3.23.49-8.15        n/a             n/a
mysql-dfsg          n/a         4.0.24-10sarge2      n/a
mysql-dfsg-4.1      n/a         4.1.11a-4sarge3      n/a
mysql-dfsg-5.0      n/a              n/a           5.0.21-3

We recommend that you upgrade your mysql packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information (F46225)

Ubuntu Security Notice 283-1 (PacketStormID:F46225)
2006-05-09 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2006-1516,CVE-2006-1517

Ubuntu Security Notice 283-1 - Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request.

===========================================================
Ubuntu Security Notice USN-283-1	       May 08, 2006
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mysql-server
mysql-server-4.1

The problem can be corrected by upgrading the affected package to
version 4.0.23-3ubuntu2.3 (for Ubuntu 5.04), 4.0.24-10ubuntu2.2
(mysql-server for Ubuntu 5.10), or 4.1.12-1ubuntu3.3 (mysql-server-4.1
for Ubuntu 5.10).  In general, a standard system upgrade is sufficient
to effect the necessary changes.

Details follow:

Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517)


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.diff.gz
      Size/MD5:   345474 a03d04b6232f33905f239248035f3c38
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23-3ubuntu2.3.dsc
      Size/MD5:      891 f45ff763a72c15171cad1162886f35de
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.23.orig.tar.gz
      Size/MD5:  9814467 5eec8f66ed48c6ff92e73161651a492b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.23-3ubuntu2.3_all.deb
      Size/MD5:    32208 366666fa86a1832df41a6371ab247a13

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:  2866464 bd0a5bcdee56e03cbecb27753e0f9f96
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:   307028 3de11414c948eb5ba7cdd0a83eeb96f7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:   431620 d90f664ce975be92b926fd5b9d2429ab
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_amd64.deb
      Size/MD5:  3628942 9596aa1a65337b9b9dbf642c0bd9794d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:  2826196 0762c6d6057e91dae14ade788b45afba
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:   289722 1a4a652c075dcab324c7e4f3f6384d1f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:   404788 e6dcfc067fbae77ce3421a8d8dfdf8cc
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_i386.deb
      Size/MD5:  3537800 ca606ecc15afb3cce2c295aa1f9ab344

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:  3179856 dce3423162923cfc56b1ac6b79e07e07
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:   312632 8cfae324093e3ea018d539d1183133d2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:   462406 96c5db41bc684ebc7754145b52beea3e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.23-3ubuntu2.3_powerpc.deb
      Size/MD5:  3839416 0268c71659e4c1cbaa07a88051a4db56


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.diff.gz
      Size/MD5:   162244 fddf1e4d87d56438a65315e3df406b49
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.3.dsc
      Size/MD5:     1024 adf2851ddc2685c8071330f3d6587ddf
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.diff.gz
      Size/MD5:    98632 35543de80b68e132078805f930c22cc3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10ubuntu2.2.dsc
      Size/MD5:      964 a3306800e3fb87b1ba6425e1675a1c70
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
      Size/MD5:  9923794 aed8f335795a359f32492159e3edfaa3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.3_all.deb
      Size/MD5:    36412 1ff53ed798ff3e764776232c5b9ed8a2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-common_4.0.24-10ubuntu2.2_all.deb
      Size/MD5:    34874 2237d7dee140b8a1c25fd0495b71c590

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:  3231484 744f672b3638271f538859fead4086e3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:   307940 4dfd1900c36aecbc840e69d246e55ffc
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:  5830998 ad3e828060133fb423f98ace529022d3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:  1539694 9b8cd250044091a4a659ac8d3edd914a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5:   897782 09e8a26e30ced2274986b76483952d18
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:   439708 8d3c1f429dd4df1fca98dbfc7826641b
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_amd64.deb
      Size/MD5: 18429678 c2584ea7c9ab83720f9dcdc9b425f080
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_amd64.deb
      Size/MD5:  3922172 8e6e94953f530e0e95f0e4cd7c64e5d9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:  2868602 bfb0d0580d0a1434e5d6168a9964afe1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:   291768 c1d98662f9ee65b7e03a42ba37b71ed8
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:  5347206 e3d8e9e5f4fd1f5a8966d9535233d01c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:  1474730 25ee2f76ad4a8ee8a71c93c21be8e75c
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5:   865934 82a45bd5ea12d4b2b80341ac8a99e5a7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:   413660 44384cf27d24c0b402182d61dbf954ca
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_i386.deb
      Size/MD5: 17335996 0f182836baf752da5614df0e07b59fdf
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_i386.deb
      Size/MD5:  3555698 8ba9724a80d6dba7a9a9ba88567a597f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:  3090218 f9affc50377eb158f6ebb17e8461b293
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:   305738 5d2b428dc00828d93bda45278b953c69
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:  6067794 3a9b7587c906545ba6f27f275c6ab1c4
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:  1547882 bc20a7b7659aba5ce22dc6a2cf0a6a6f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5:   937142 b3aae00524eb4fbdbfda3d16cfdb647c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-client_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:   453620 043b3b5ed7e7cee2f620aa1a3160ba5f
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.3_powerpc.deb
      Size/MD5: 18521840 59456b5875845e245d6698ce4020012f
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg/mysql-server_4.0.24-10ubuntu2.2_powerpc.deb
      Size/MD5:  3664314 e3405e9c5f9202255e7e7d2c1b340815
    

- Vulnerability information

25228
MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public Vendor Verified

- Vulnerability description

MySQL contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious client sends specially crafted invalid login or COM_TABLE_DUMP packets, which disclose arbitrary memory in error messages, resulting in a loss of confidentiality.

- Timeline

2006-05-02 Unknown
2006-05-02 Unknown

- Solution

Upgrade to version 4.1.19, 5.0.21, 5.1.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
