MySQL不安全临时文件建立漏洞_MySQL
Jun 01, 2016 pm 02:11 PM
Safety
Establish
Report
attack
local
loopholes
system
mistake
受影响系统:
MySQL AB MySQL 4.1.0-alpha
MySQL AB MySQL 4.1.0
MySQL AB MySQL 4.0.9
MySQL AB MySQL 4.0.8
MySQL AB MySQL 4.0.7
MySQL AB MySQL 4.0.6
MySQL AB MySQL 4.0.5a
MySQL AB MySQL 4.0.5
MySQL AB MySQL 4.0.4
MySQL AB MySQL 4.0.3
MySQL AB MySQL 4.0.2
MySQL AB MySQL 4.0.15
MySQL AB MySQL 4.0.14
MySQL AB MySQL 4.0.13
MySQL AB MySQL 4.0.12
MySQL AB MySQL 4.0.11
MySQL AB MySQL 4.0.10
MySQL AB MySQL 4.0.1
MySQL AB MySQL 4.0.0
MySQL AB MySQL 3.23.9
MySQL AB MySQL 3.23.8
MySQL AB MySQL 3.23.57
MySQL AB MySQL 3.23.56
MySQL AB MySQL 3.23.55
MySQL AB MySQL 3.23.54
MySQL AB MySQL 3.23.53a
MySQL AB MySQL 3.23.53
MySQL AB MySQL 3.23.52
MySQL AB MySQL 3.23.51
MySQL AB MySQL 3.23.50
MySQL AB MySQL 3.23.5
MySQL AB MySQL 3.23.48
MySQL AB MySQL 3.23.47
MySQL AB MySQL 3.23.46
MySQL AB MySQL 3.23.45
MySQL AB MySQL 3.23.44
MySQL AB MySQL 3.23.43
MySQL AB MySQL 3.23.42
MySQL AB MySQL 3.23.41
MySQL AB MySQL 3.23.40
MySQL AB MySQL 3.23.4
MySQL AB MySQL 3.23.39
MySQL AB MySQL 3.23.38
MySQL AB MySQL 3.23.37
MySQL AB MySQL 3.23.36
MySQL AB MySQL 3.23.34
MySQL AB MySQL 3.23.31
MySQL AB MySQL 3.23.30
MySQL AB MySQL 3.23.3
MySQL AB MySQL 3.23.29
MySQL AB MySQL 3.23.28 gamma
MySQL AB MySQL 3.23.28
MySQL AB MySQL 3.23.27
MySQL AB MySQL 3.23.26
MySQL AB MySQL 3.23.25
MySQL AB MySQL 3.23.24
MySQL AB MySQL 3.23.23
MySQL AB MySQL 3.23.2
MySQL AB MySQL 3.23.10
MySQL AB MySQL 3.22.32
MySQL AB MySQL 3.22.30
MySQL AB MySQL 3.22.29
MySQL AB MySQL 3.22.28
MySQL AB MySQL 3.22.27
MySQL AB MySQL 3.22.26
MySQL AB MySQL 3.20.32a
MySQL AB MySQL 3.23.49
- Debian Linux 3.0
- Mandrake Linux 9.0
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- RedHat Linux 7.3
- RedHat Linux 7.2
- SuSE Linux 8.2
- SuSE Linux 8.1
详细描述:
MySQL是一款开放源代码关系型数据库系统。MySQL错误报告工具(mysqlbug)不安全建立临时文件,本地攻击者可以利用这个漏洞破坏系统任意文件内容,造成拒绝服务攻击。
mysqlbug是错误报告脚本,运行时会启动文本编辑器,用户会被提示使用模板写入他们的错误报告。问题存在与脚本在处理用户简单的退出文本编辑器而没有更改漏洞报告的情况下,mysqlbug会执行如下代码:
--
if cmp -s $TEMP $TEMP.x
then
echo "File not changed, no bug report submitted."
cp $TEMP /tmp/failed-mysql-bugreport
echo "The raw bug report exists in
/tmp/failed-mysql-bugreport"
echo "If you use this remember that the first lines
of the report now
is a lie
.."
exit 1
fi
--
会以静态文件名建立临时文件,因此攻击者可以建立符号连接,当其他用户调用错误调试时,可导致连接的目标文件被破坏,本地攻击者可以利用这个漏洞对本地系统进行拒绝服务攻击。
补丁下载:
http://www.mysql.com/doc/en/Installing_source_tree.html
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Hot Article
How Long Does It Take To Beat Split Fiction?
3 weeks ago
By DDD
Repo: How To Revive Teammates
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Difficulty in updating caching of official account web pages: How to avoid the old cache affecting the user experience after version update?
3 weeks ago
By 王林
Two Point Museum: All Exhibits And Where To Find Them
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hot tools Tags
Hot Article
How Long Does It Take To Beat Split Fiction?
3 weeks ago
By DDD
Repo: How To Revive Teammates
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Difficulty in updating caching of official account web pages: How to avoid the old cache affecting the user experience after version update?
3 weeks ago
By 王林
Two Point Museum: All Exhibits And Where To Find Them
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hot Article Tags
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Solution to Windows Update prompt Error 0x8024401c error
Jun 08, 2024 pm 12:18 PM
Solution to Windows Update prompt Error 0x8024401c error
Huawei's Qiankun ADS3.0 intelligent driving system will be launched in August and will be launched on Xiangjie S9 for the first time
Jul 30, 2024 pm 02:17 PM
Huawei's Qiankun ADS3.0 intelligent driving system will be launched in August and will be launched on Xiangjie S9 for the first time
Always new! Huawei Mate60 series upgrades to HarmonyOS 4.2: AI cloud enhancement, Xiaoyi Dialect is so easy to use
Jun 02, 2024 pm 02:58 PM
Always new! Huawei Mate60 series upgrades to HarmonyOS 4.2: AI cloud enhancement, Xiaoyi Dialect is so easy to use
How should the Java framework security architecture design be balanced with business needs?
Jun 04, 2024 pm 02:53 PM
How should the Java framework security architecture design be balanced with business needs?
Huawei will launch the Xuanji sensing system in the field of smart wearables, which can assess the user's emotional state based on heart rate
Aug 29, 2024 pm 03:30 PM
Huawei will launch the Xuanji sensing system in the field of smart wearables, which can assess the user's emotional state based on heart rate
Security configuration and hardening of Struts 2 framework
May 31, 2024 pm 10:53 PM
Security configuration and hardening of Struts 2 framework
Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices
Jun 01, 2024 am 09:26 AM
Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices
How to implement PHP security best practices
May 05, 2024 am 10:51 AM
How to implement PHP security best practices
