Auth2DB SQL注入漏洞

admin

0
文章

0
评论

2022-07-19 17:06:26 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Auth2DB SQL注入漏洞

CNNVD编号：CNNVD-200904-009
危害等级：高危
CVE编号： CVE-2009-1208
漏洞类型： SQL注入
发布时间： 2009-04-01
威胁类型：远程
更新时间： 2009-04-02
厂商： auth2db
漏洞来源： Unknown

漏洞简介

auth2db 0.2.5版本以及0.2.7之前的其他版本存在SQL注入漏洞。该漏洞会采用addslashes函数而不是mysql_real_escape_string函数，这使得远程攻击者可以通过使用多byte的字符编码，执行SQL注入攻击。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Debian Linux 5.0 hppa

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0 ia-64

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0 m68k

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0 arm

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0 armel

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb

Debian Linux 5.0 amd64

Debian auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb

Debian auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb

http://secur

参考网址

来源: DEBIAN

名称: DSA-1757

链接: http://www.debian.org/security/2009/dsa-1757

来源: bugs.debian.org

链接: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521823

来源: XF

名称: auth2db-unspecified-sql-injection(49518)

链接: http://xforce.iss.net/xforce/xfdb/49518

来源: BID

名称: 34287

链接: http://www.securityfocus.com/bid/34287

来源: www.auth2db.com.ar

链接: http://www.auth2db.com.ar/?title=CHANGELOG

来源: SECUNIA

名称: 34488

链接: http://secunia.com/advisories/34488

受影响实体

Auth2db Auth2db:0.2.4
Auth2db Auth2db:0.2.2
Auth2db Auth2db:0.2.1
Auth2db Auth2db:0.2.0
Auth2db Auth2db:0.1.8

补丁

暂无

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

Auth2DB SQL注入漏洞

漏洞信息详情

Auth2DB SQL注入漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

Auth2DB SQL注入漏洞

Funscripts 'Red_Reservations'脚本权限许可和访问控制漏洞

MapServer 路径遍历漏洞

MapServer 信息泄露漏洞

MapServer 输入验证错误漏洞

IBM WebSphere Application Server JAX-RPC WS-Security 输入验证漏洞

IBM WebSphere Application Server XML digital-signature未明安全问题漏洞

Mapserver 缓冲区错误漏洞

Banshee-project Banshee'apps/web/vs_diag.cgi'跨站脚本攻击漏洞

MapServer 缓冲区错误漏洞

ZONE.CI 全球网