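Vulnerability Details
Auth2DB SQL Injection Vulnerability
- CNNVD ID: CNNVD-200904-009
- Severity: High
- CVE ID: CVE-2009-1208
- Vulnerability type: SQL injection
- Published: 2009-04-01
- Threat type: Remote
- Updated: 2009-04-02
- Vendor: auth2db
- Source: Unknown
Vulnerability Summary
auth2db 0.2.5 and other versions before 0.2.7 contain an SQL injection vulnerability. The software uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks by using multibyte character encodings.
Vulnerability Advisory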
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
Debian Linux 5.0 hppa
Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb
Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb
Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb
Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb
The same packages are listed for Debian Linux 5.0 ia-64, m68k, arm, armel and amd64, and for Debian Linux 5.0 without an architecture qualifier.
References
Source: DEBIAN
Name: DSA-1757
Link: http://www.debian.org/security/2009/dsa-1757
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823
Source: XF
Name: auth2db-unspecified-sql-injection(49518)
Link: http://xforce.iss.net/xforce/xfdb/49518
Source: BID
Name: 34287
Link: http://www.securityfocus.com/bid/34287
Source: www.auth2db.com.ar
Link: http://www.auth2db.com.ar/?title=CHANGELOG
Source: SECUNIA
Name: 34488
Link: http://secunia.com/advisories/34488
Affected Entities
- Auth2db Auth2db:0.2.4
- Auth2db Auth2db:0.2.2
- Auth2db Auth2db:0.2.1
- Auth2db Auth2db:0.2.0
- Auth2db Auth2db:0.1.8
Patches
None available