MySQL Server mysqld Denial-of-Service Vulnerability

Vulnerability ID: 1110464
Vulnerability type: Other
Published: 2006-06-14
Updated: 2007-03-14
CVE ID: CVE-2006-3081
CNNVD-ID: CNNVD-200606-346
Platform: Linux
CVSS score: 4.0
|Vulnerability sources
https://www.exploit-db.com/exploits/28026
https://www.securityfocus.com/bid/18439
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-346
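|Vulnerability details
mysqld in MySQL 4.1.18 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
|Exploit (EXP)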
source: http://www.securityfocus.com/bid/18439/info

MySQL is susceptible to a remote denial-of-service vulnerability. This issue is due to the database server's failure to properly handle unexpected input.

This issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers.

Attackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications.

Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable to this issue.


The following SQL statement will demonstrate this issue:

select str_to_date( 1, NULL );
|Affected products
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
MySQL AB MySQL 5.1.5
MySQL AB MySQL 5.0.18
|References

Source: US-CERT
Name: TA06-208A
Link: http://www.us-cert.gov/cas/techalerts/TA06-208A.html
Source: US-CERT
Name: TA07-072A
Link: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Source: UBUNTU
Name: USN-306-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-306-1
Source: BID
Name: 18439
Link: http://www.securityfocus.com/bid/18439
Source: BUGTRAQ
Name: 20060615 Re: MySQL DoS
Link: http://www.securityfocus.com/archive/1/archive/1/437571/100/0/threaded
Source: BUGTRAQ
Name: 20060615 Re: MySQL DoS
Link: http://www.securityfocus.com/archive/1/437277
Source: BUGTRAQ
Name: 20060614 MySQL DoS
Link: http://www.securityfocus.com/archive/1/437145
Source: DEBIAN
Name: DSA-1112
Link: http://www.debian.org/security/2006/dsa-1112
Source: SECUNIA
Name: 20871
Link: http://secunia.com/advisories/20871
Source: SECUNIA
Name: 20832
Link: http://secunia.com/advisories/20832
Source: SECUNIA
Name: 19929
Link: http://secunia.com/advisories/19929
Source: FULLDISC
Name: 20060615 MySQL DoS
Link: http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html
Source: MANDRIVA
Name: MDKSA-2006:111
Link: http://frontal2.mandriva.com/security/advisori