Home Database Mysql Tutorial MySQL存在权限提升及安全限制绕过漏洞_MySQL

MySQL存在权限提升及安全限制绕过漏洞_MySQL

Jun 01, 2016 pm 02:00 PM
Safety Influence promote

受影响系统:

MySQL AB MySQL


描述:

MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。


在MySQL上,拥有访问权限但无创建权限的用户可以创建与所访问数据库仅有名称字母大小写区别的新数据库。成功利用这个漏洞要求运行

MySQL的文件系统支持区分大小写的文件名。


此外,由于在错误的安全环境中计算了suid例程的参数,攻击者可以通过存储的例程以例程定义者的权限执行任意DML语句。成功攻击要求用户

对所存储例程拥有EXECUTE权限。


厂商补丁:

MySQL AB

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://lists.mysql.com/commits/5927

http://lists.mysql.com/commits/9122

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

AI's new world challenges: What happened to security and privacy? AI's new world challenges: What happened to security and privacy? Mar 31, 2024 pm 06:46 PM

AI's new world challenges: What happened to security and privacy?

How should the Java framework security architecture design be balanced with business needs? How should the Java framework security architecture design be balanced with business needs? Jun 04, 2024 pm 02:53 PM

How should the Java framework security architecture design be balanced with business needs?

How to increase Douyin playback volume? Is it limited by the low playback volume? How to increase Douyin playback volume? Is it limited by the low playback volume? Mar 30, 2024 pm 10:51 PM

How to increase Douyin playback volume? Is it limited by the low playback volume?

How to implement PHP security best practices How to implement PHP security best practices May 05, 2024 am 10:51 AM

How to implement PHP security best practices

Security configuration and hardening of Struts 2 framework Security configuration and hardening of Struts 2 framework May 31, 2024 pm 10:53 PM

Security configuration and hardening of Struts 2 framework

Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices Jun 01, 2024 am 09:26 AM

Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices

Will there be a market pull before the tokens are unlocked? Is token unlocking a good thing or a bad thing? Will there be a market pull before the tokens are unlocked? Is token unlocking a good thing or a bad thing? Jun 19, 2024 am 09:05 AM

Will there be a market pull before the tokens are unlocked? Is token unlocking a good thing or a bad thing?

Tips for turning off real-time protection in Windows Security Center Tips for turning off real-time protection in Windows Security Center Mar 27, 2024 pm 10:09 PM

Tips for turning off real-time protection in Windows Security Center

See all articles