MySQL COM_CHANGE_USER口令认证缺陷漏洞

Home

Database

Mysql Tutorial

MySQL COM_CHANGE_USER口令认证缺陷漏洞_MySQL

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 01, 2016 pm 01:55 PM

app Update time server system

发布时间：2003-01-05
更新时间：2003-01-05
严重程度：高
威胁程度：控制应用程序系统
错误类型：设计错误
利用方式：服务器模式

BUGTRAQ ID：6373
CVE(CAN) ID：CAN-2002-1374

受影响系统

MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.32
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23.3
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.5
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.26
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.31
MySQL AB MySQL 3.23.34
MySQL AB MySQL 3.23.36
MySQL AB MySQL 3.23.37
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.39
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.41
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.44
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.46
MySQL AB MySQL 3.23.47
MySQL AB MySQL 3.23.48
MySQL AB MySQL 3.23.49
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.52
MySQL AB MySQL 3.23.53 a
MySQL AB MySQL 3.23.53
MySQL AB MySQL 4.0 .0
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.5 a

详细描述
MySQL 的口令认证机制存在漏洞，利用此漏洞一个经过认证的数据库用户可以劫持其他的数据库用户帐号。漏洞的原因在于当客户端发送COM_CHANGE_USER 命令后服务器使用客户端提交的一个串来比较进行口令认证。入侵者如果能猜到其他帐号口令的第一个字母就可能以那个帐号认证成功。口令的合法字符集是32个字符，也就是说恶意用户最多只要尝试32次就能攻击成功。

解决方案
厂商已经在最新版本的软件中解决了这个安全问题，请把服务器软件升级到3.23.54及其以后版本：

http://www.mysql.com

相关信息
Advisory 04/2002: Multiple MySQL vulnerabilities
http://archives.neohapsis.com/rchives/bugtraq/2002-12/0108.html

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7575

CakePHP Tutorial

1386

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

110

Related knowledge

Unable to save changes to Photos app error in Windows 11 Mar 04, 2024 am 09:34 AM

If you encounter the Unable to save changes error while using the Photos app for image editing in Windows 11, this article will provide you with solutions. Unable to save changes. An error occurred while saving. Please try again later. This problem usually occurs due to incorrect permission settings, file corruption, or system failure. So, we’ve done some deep research and compiled some of the most effective troubleshooting steps to help you resolve this issue and ensure you can continue to use the Microsoft Photos app seamlessly on your Windows 11 device. Fix Unable to Save Changes to Photos App Error in Windows 11 Many users have been talking about Microsoft Photos app error on different forums

How to connect Apple Vision Pro to PC Apr 08, 2024 pm 09:01 PM

The Apple Vision Pro headset is not natively compatible with computers, so you must configure it to connect to a Windows computer. Since its launch, Apple Vision Pro has been a hit, and with its cutting-edge features and extensive operability, it's easy to see why. Although you can make some adjustments to it to suit your PC, and its functionality depends heavily on AppleOS, so its functionality will be limited. How do I connect AppleVisionPro to my computer? 1. Verify system requirements You need the latest version of Windows 11 (Custom PCs and Surface devices are not supported) Support 64-bit 2GHZ or faster fast processor High-performance GPU, most

MS Paint not working properly in Windows 11 Mar 09, 2024 am 09:52 AM

Microsoft Paint not working in Windows 11/10? Well, this seems to be a common problem and we have some great solutions to fix it. Users have been complaining that when trying to use MSPaint, it doesn't work or open. Scrollbars in the app don't work, paste icons don't show up, crashes, etc. Luckily, we've collected some of the most effective troubleshooting methods to help you resolve issues with Microsoft Paint app. Why doesn't Microsoft Paint work? Some possible reasons why MSPaint is not working on Windows 11/10 PC are as follows: The security identifier is corrupted. hung system

CUDA's universal matrix multiplication: from entry to proficiency! Mar 25, 2024 pm 12:30 PM

General Matrix Multiplication (GEMM) is a vital part of many applications and algorithms, and is also one of the important indicators for evaluating computer hardware performance. In-depth research and optimization of the implementation of GEMM can help us better understand high-performance computing and the relationship between software and hardware systems. In computer science, effective optimization of GEMM can increase computing speed and save resources, which is crucial to improving the overall performance of a computer system. An in-depth understanding of the working principle and optimization method of GEMM will help us better utilize the potential of modern computing hardware and provide more efficient solutions for various complex computing tasks. By optimizing the performance of GEMM

Shazam app not working in iPhone: Fix Jun 08, 2024 pm 12:36 PM

Having issues with the Shazam app on iPhone? Shazam helps you find songs by listening to them. However, if Shazam isn't working properly or doesn't recognize the song, you'll have to troubleshoot it manually. Repairing the Shazam app won't take long. So, without wasting any more time, follow the steps below to resolve issues with Shazam app. Fix 1 – Disable Bold Text Feature Bold text on iPhone may be the reason why Shazam is not working properly. Step 1 – You can only do this from your iPhone settings. So, open it. Step 2 – Next, open the “Display & Brightness” settings there. Step 3 – If you find that “Bold Text” is enabled

Huawei's Qiankun ADS3.0 intelligent driving system will be launched in August and will be launched on Xiangjie S9 for the first time Jul 30, 2024 pm 02:17 PM

On July 29, at the roll-off ceremony of AITO Wenjie's 400,000th new car, Yu Chengdong, Huawei's Managing Director, Chairman of Terminal BG, and Chairman of Smart Car Solutions BU, attended and delivered a speech and announced that Wenjie series models will be launched this year In August, Huawei Qiankun ADS 3.0 version was launched, and it is planned to successively push upgrades from August to September. The Xiangjie S9, which will be released on August 6, will debut Huawei’s ADS3.0 intelligent driving system. With the assistance of lidar, Huawei Qiankun ADS3.0 version will greatly improve its intelligent driving capabilities, have end-to-end integrated capabilities, and adopt a new end-to-end architecture of GOD (general obstacle identification)/PDP (predictive decision-making and control) , providing the NCA function of smart driving from parking space to parking space, and upgrading CAS3.0

Move photos from old Photos to the new Photos app in Windows 11 Mar 10, 2024 am 09:37 AM

This article will guide you on how to migrate photos from Photos Legacy to the new Photos app in Windows 11. Microsoft has introduced a revamped Photos app in Windows 11, giving users a simpler and more feature-rich experience. The new Photos app sorts photos differently than the past PhotosLegacy app. It organizes photos into folders like other Windows files instead of creating albums. However, users still using the Photos Legacy app can easily migrate their photos to the new version of Microsoft Photos. What is Phot

How to configure Dnsmasq as a DHCP relay server Mar 21, 2024 am 08:50 AM

The role of a DHCP relay is to forward received DHCP packets to another DHCP server on the network, even if the two servers are on different subnets. By using a DHCP relay, you can deploy a centralized DHCP server in the network center and use it to dynamically assign IP addresses to all network subnets/VLANs. Dnsmasq is a commonly used DNS and DHCP protocol server that can be configured as a DHCP relay server to help manage dynamic host configurations in the network. In this article, we will show you how to configure dnsmasq as a DHCP relay server. Content Topics: Network Topology Configuring Static IP Addresses on a DHCP Relay D on a Centralized DHCP Server

See all articles