CVE-2006-2753
CVSS7.5
发布时间 :2006-06-01 13:02:00
修订时间 :2011-03-07 21:36:57
NMCOPS    

[原文]SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.


[CNNVD]MySQL Mysql_real_escape函数 SQL注入漏洞(CNNVD-200606-008)

        MySQL 存在SQL注入漏洞,上下文依赖的攻击者可通过在字符集如SJIS、BIG5和GBK中的特制多字节编码来执行任意SQL命令,当mysql_real_escape函数用来逃脱输入时,系统不能正确处理这些编码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:5.0.17MySQL MySQL 5.0.17
cpe:/a:mysql:mysql:4.1.14MySQL MySQL 4.1.14
cpe:/a:mysql:mysql:4.1.12MySQL MySQL 4.1.12
cpe:/a:mysql:mysql:5.0.21MySQL MySQL 5.0.21
cpe:/a:mysql:mysql:5.0.3MySQL MySQL 5.0.3
cpe:/a:mysql:mysql:5.0.12MySQL MySQL 5.0.12
cpe:/a:mysql:mysql:5.0.10MySQL MySQL 5.0.10
cpe:/a:mysql:mysql:5.0.0MySQL MySQL 5.0.0
cpe:/a:mysql:mysql:5.0.9MySQL MySQL 5.0.9
cpe:/a:mysql:mysql:5.0.15MySQL MySQL 5.0.15
cpe:/a:mysql:mysql:4.1.18MySQL MySQL 4.1.18
cpe:/a:mysql:mysql:4.1.13MySQL MySQL 4.1.13
cpe:/a:mysql:mysql:5.0.6MySQL MySQL 5.0.6
cpe:/a:mysql:mysql:5.0.20aMySQL MySQL 5.0.20a
cpe:/a:mysql:mysql:4.1.17MySQL MySQL 4.1.17
cpe:/a:mysql:mysql:4.1.10MySQL MySQL 4.1.10
cpe:/a:mysql:mysql:5.0.5MySQL MySQL 5.0.5
cpe:/a:mysql:mysql:5.0.19MySQL MySQL 5.0.19
cpe:/a:mysql:mysql:4.1.6MySQL MySQL 4.1.6
cpe:/a:mysql:mysql:4.1.15MySQL MySQL 4.1.15
cpe:/a:mysql:mysql:4.1.3MySQL MySQL 4.1.3
cpe:/a:mysql:mysql:5.0.1MySQL MySQL 5.0.1
cpe:/a:mysql:mysql:4.1.19MySQL MySQL 4.1.19
cpe:/a:mysql:mysql:4.1.0MySQL MySQL 4.1.0
cpe:/a:mysql:mysql:4.1.2MySQL MySQL 4.1.2
cpe:/a:mysql:mysql:4.1.1MySQL MySQL 4.1.1
cpe:/a:mysql:mysql:5.0.4MySQL MySQL 5.0.4
cpe:/a:mysql:mysql:4.1.16MySQL MySQL 4.1.16
cpe:/a:mysql:mysql:5.0.13MySQL MySQL 5.0.13
cpe:/a:mysql:mysql:5.0.14MySQL MySQL 5.0.14
cpe:/a:mysql:mysql:4.1.4MySQL MySQL 4.1.4
cpe:/a:mysql:mysql:4.1.9MySQL MySQL 4.1.9
cpe:/a:mysql:mysql:5.0.8MySQL MySQL 5.0.8
cpe:/a:mysql:mysql:5.0.2MySQL MySQL 5.0.2
cpe:/a:mysql:mysql:5.0.16MySQL MySQL 5.0.16
cpe:/a:mysql:mysql:4.1.8MySQL MySQL 4.1.8
cpe:/a:mysql:mysql:4.1.11MySQL MySQL 4.1.11
cpe:/a:mysql:mysql:4.1.7MySQL MySQL 4.1.7
cpe:/a:mysql:mysql:5.0.18MySQL MySQL 5.0.18
cpe:/a:mysql:mysql:5.0.11MySQL MySQL 5.0.11
cpe:/a:mysql:mysql:4.1.5MySQL MySQL 4.1.5
cpe:/a:mysql:mysql:5.0.7MySQL MySQL 5.0.7
cpe:/a:mysql:mysql:5.0.20MySQL MySQL 5.0.20

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10312SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2753
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-008
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA07-072A.html
(UNKNOWN)  CERT  TA07-072A
http://lists.mysql.com/announce/364
(PATCH)  CONFIRM  http://lists.mysql.com/announce/364
http://www.vupen.com/english/advisories/2007/0930
(UNKNOWN)  VUPEN  ADV-2007-0930
http://www.vupen.com/english/advisories/2006/2105
(UNKNOWN)  VUPEN  ADV-2006-2105
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735
http://xforce.iss.net/xforce/xfdb/26875
(UNKNOWN)  XF  mysql-ascii-sql-injection(26875)
http://www.ubuntulinux.org/support/documentation/usn/usn-303-1
(UNKNOWN)  UBUNTU  USN-303-1
http://www.ubuntu.com/usn/usn-288-3
(UNKNOWN)  UBUNTU  USN-288-3
http://www.trustix.org/errata/2006/0034/
(UNKNOWN)  TRUSTIX  2006-0034
http://www.securityfocus.com/bid/18219
(UNKNOWN)  BID  18219
http://www.redhat.com/support/errata/RHSA-2006-0544.html
(UNKNOWN)  REDHAT  RHSA-2006:0544
http://www.mandriva.com/security/advisories?name=MDKSA-2006:097
(UNKNOWN)  MANDRIVA  MDKSA-2006:097
http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml
(UNKNOWN)  GENTOO  GLSA-200606-13
http://www.debian.org/security/2006/dsa-1092
(UNKNOWN)  DEBIAN  DSA-1092
http://securitytracker.com/id?1016216
(UNKNOWN)  SECTRACK  1016216
http://secunia.com/advisories/24479
(UNKNOWN)  SECUNIA  24479
http://secunia.com/advisories/20712
(UNKNOWN)  SECUNIA  20712
http://secunia.com/advisories/20625
(UNKNOWN)  SECUNIA  20625
http://secunia.com/advisories/20562
(UNKNOWN)  SECUNIA  20562
http://secunia.com/advisories/20541
(UNKNOWN)  SECUNIA  20541
http://secunia.com/advisories/20531
(UNKNOWN)  SECUNIA  20531
http://secunia.com/advisories/20489
(UNKNOWN)  SECUNIA  20489
http://secunia.com/advisories/20365
(UNKNOWN)  SECUNIA  20365
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
(UNKNOWN)  APPLE  APPLE-SA-2007-03-13
http://docs.info.apple.com/article.html?artnum=305214
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=305214

- 漏洞信息

MySQL Mysql_real_escape函数 SQL注入漏洞
高危 SQL注入
2006-06-01 00:00:00 2006-06-02 00:00:00
远程  
        MySQL 存在SQL注入漏洞,上下文依赖的攻击者可通过在字符集如SJIS、BIG5和GBK中的特制多字节编码来执行任意SQL命令,当mysql_real_escape函数用来逃脱输入时,系统不能正确处理这些编码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        MySQL AB MySQL 4.1.11a
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_alpha.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_amd64.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_arm.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_hppa.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_i386.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_ia64.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_m68k.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_mips.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_mipsel.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_powerpc.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_s390.deb
        Debian libmysqlclient14-dev_4.1.11a-4sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14-dev_4.1.11a-4sarge4_sparc.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_alpha.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_amd64.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_arm.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_hppa.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_i386.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_ia64.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_m68k.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysql client14_4.1.11a-4sarge4_mips.deb
        Debian libmysqlclient14_4.1.11a-4sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/ma

- 漏洞信息 (F47658)

Ubuntu Security Notice 303-1 (PacketStormID:F47658)
2006-06-26 00:00:00
Ubuntu  ubuntu.com
advisory,sql injection
linux,ubuntu
CVE-2006-2753
[点击下载]

Ubuntu Security Notice 303-1 - An SQL injection vulnerability has been discovered when using less popular multibyte encodings (such as SJIS, or BIG5) which contain valid multibyte characters that end with the byte 0x5c.

=========================================================== 
Ubuntu Security Notice USN-303-1              June 16, 2006
mysql-dfsg-4.1, mysql-dfsg-5.0 vulnerability
CVE-2006-2753
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libmysqlclient14               4.1.12-1ubuntu3.5
  mysql-server-4.1               4.1.12-1ubuntu3.5

Ubuntu 6.06 LTS:
  libmysqlclient15off            5.0.22-0ubuntu6.06
  mysql-server-5.0               5.0.22-0ubuntu6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An SQL injection vulnerability has been discovered when using less
popular multibyte encodings (such as SJIS, or BIG5) which contain
valid multibyte characters that end with the byte 0x5c (the
representation of the backslash character >>\<< in ASCII). 

Many client libraries and applications use the non-standard, but
popular way of escaping the >>'<< character by replacing all
occurences of it with >>\'<<. If a client application uses one of the
affected encodings and does not interpret multibyte characters, and an
attacker supplies a specially crafted byte sequence as an input string
parameter, this escaping method would then produce a validly-encoded
character and an excess >>'<< character which would end the string.
All subsequent characters would then be interpreted as SQL code, so
the attacker could execute arbitrary SQL commands.

The updated packages fix the mysql_real_escape_string() function to
escape quote characters in a safe way. If you use third-party software
which uses an ad-hoc method of string escaping, you should convert
them to use mysql_real_escape_string() instead, or at least use the
standard SQL method of escaping  >>'<< with  >>''<<.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.diff.gz
      Size/MD5:   164408 5397489739ab8a6fa1e2d7571ae16ca2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12-1ubuntu3.5.dsc
      Size/MD5:     1024 22dc09e63f2b4127c80c059bd6153c04
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.12.orig.tar.gz
      Size/MD5: 15921909 c7b83a19bd8a4f42d5d64c239d05121f

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.12-1ubuntu3.5_all.deb
      Size/MD5:    36658 8445340ee40a549040a29f7f89fa6055

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:  5831402 04b5f068cace48115f03eaa2945ba4f7
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:  1540532 52379ea5384399887a5044e2dc70a362
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5:   898266 102c1f4e3a52f002c0072639a38fd1f1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_amd64.deb
      Size/MD5: 18433534 0b59eb84f010a37866855db11bc212d4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:  5347970 10e3a08014562d78a92c78f9473606ad
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:  1475306 fe18f1652d49ce4f1f01f1fb41293ee0
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5:   866276 c4620364312b32767f4b8c93ca85ea6a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_i386.deb
      Size/MD5: 17336092 c0a7e15a536c68f101d711faca79acd0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:  6069036 84fe04fd9e556e03a5f8017b0287056e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:  1548894 042a41167cffb3aa116ceca7b144c04a
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5:   937510 b42029e8720887a9414a1e5affdfa2bf
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_powerpc.deb
      Size/MD5: 18523172 687d56f3e0ea63af4bc5d972849e7019

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:  5657096 78aec682713ebb64ff7f56f5ec30a390
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:  1516244 461600c34dd324e019dd5f253864dcb6
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5:   889180 b06d0b10dec55bf34f6af5f93be4bfb1
    http://security.ubuntu.com/ubuntu/pool/universe/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.12-1ubuntu3.5_sparc.deb
      Size/MD5: 17738656 2f56d26f632002847a5aa20d13ac3d69

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.diff.gz
      Size/MD5:   124884 30192e23eff142a7d8cd474eb3b65c06
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.dsc
      Size/MD5:     1105 e09e1c03b0e55a97aa2f5b393132596c
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
      Size/MD5: 18446645 2b8f36364373461190126817ec872031

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    36488 bf16f763f6c019d74cd5a55a34954d08
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    38988 4b48c8fe34e49ea7690dd847e0210c6e
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06_all.deb
      Size/MD5:    36492 51ec1d6030a085747746855f42a247fa

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  6724410 3fd45ed8e0dde1ec45da36087fc9b466
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  1421368 dd0a24e7f521cae816caaff9dd7b95c1
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5:  6895040 e05408c12fbdeb93ac9af0168a833945
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_amd64.deb
      Size/MD5: 22490622 353f002eb8bf7adcfb6ac0a2aba200e7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  6138262 b8de5bb648d0a6787dc2a75e082fd338
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  1382000 458f53b535bf7c4240415b7f112398c2
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5:  6277278 03772cb73d84fbd786024bed75634f17
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_i386.deb
      Size/MD5: 21345370 944c51038761b5d180e4a5b9405dd8cd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  6881628 539aaeb27db75c415f86a08a60922bb6
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  1461696 da724231e301fc18b0068d2b74aba6da
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5:  6938652 78e94ffbb2e24ca9f0794c412b369009
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_powerpc.deb
      Size/MD5: 22703752 25b58fa42fb62e132fbbc29e99e91176

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  6429614 ae9e41ae750ad73206d9561d59504c5d
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  1433786 9e9108f42e43fbdd66fbdaa02d7990ce
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5:  6535966 e909ab275b4ab5fbbc69d2f372532cf3
    http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06_sparc.deb
      Size/MD5: 21968038 43996ac14852a036d1ed8c4712f94804

    

- 漏洞信息

25987
MySQL Multibyte Encoding SQL Injection Filter Bypass
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-06-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

MySQL Mysql_real_escape Function SQL Injection Vulnerability
Input Validation Error 18219
Yes No
2006-06-01 12:00:00 2007-03-14 04:24:00
The vendor announced this vulnerability.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
MySQL AB MySQL 5.1.10
MySQL AB MySQL 5.1.9
MySQL AB MySQL 5.0.21
MySQL AB MySQL 5.0.20
MySQL AB MySQL 5.0.18
MySQL AB MySQL 5.0.4
MySQL AB MySQL 5.0.3
MySQL AB MySQL 5.0.2
MySQL AB MySQL 5.0.1
MySQL AB MySQL 5.0 .0-alpha
MySQL AB MySQL 5.0 .0-0
MySQL AB MySQL 4.1.19
MySQL AB MySQL 4.1.18
MySQL AB MySQL 4.1.13
MySQL AB MySQL 4.1.5
MySQL AB MySQL 4.1.4
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -beta
MySQL AB MySQL 4.1.3 -0
MySQL AB MySQL 4.1.2 -alpha
MySQL AB MySQL 4.1 .11
MySQL AB MySQL 4.1.11a
MySQL AB MySQL 4.1.10a
MySQL AB MySQL 4.1.0.0-alpha
MySQL AB MySQL 4.1.0-0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
MySQL AB MySQL 5.0.22 -1-0.1
MySQL AB MySQL 4.1.20
Apple Mac OS X Server 10.4.9

- 不受影响的程序版本

MySQL AB MySQL 5.0.22 -1-0.1
MySQL AB MySQL 4.1.20
Apple Mac OS X Server 10.4.9

- 漏洞讨论

MySQL is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise an application using a vulnerable database or to compromise the database itself.

MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are vulnerable. Other versions may also be affected.

- 漏洞利用

This issue can be exploited via a web client.

- 解决方案

Versions 5.0.22-1-0.1 and 4.1.20 have been released to address this issue; please see the reference section for more information.


MySQL AB MySQL 4.1.11a

Apple Mac OS X Server 10.4

Apple Mac OS X Server 10.4.1

Apple Mac OS X Server 10.4.2

Apple Mac OS X Server 10.4.3

Apple Mac OS X Server 10.4.4

Apple Mac OS X Server 10.4.5

Apple Mac OS X Server 10.4.6

Apple Mac OS X Server 10.4.7

Apple Mac OS X Server 10.4.8

MySQL AB MySQL 4.1.13

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站