Dameng (DM) 8.1.2.192 installation: the bundled mybatis-3.4.2.jar carries the high-severity vulnerability CVE-2020-26945; replacing it with mybatis-3.5.13.jar was tested and works
File location: /dm/dmdbms/tool/dropins/com.dameng/plugins/com.dameng.third/mybatis-3.4.2.jar
I. Vulnerability description:
CVE ID: CVE-2020-26945
Affected versions: MyBatis < 3.5.6
Remediation: the vendor has released an upgrade that fixes this vulnerability; affected users should upgrade as soon as possible. Patch download link:
https://github.com/mybatis/mybatis-3
1. MIIT (Ministry of Industry and Information Technology) CVE lookup:
2. NIST CVE lookup:
II. The affected file is under tool, the Dameng GUI tools directory
Directory details:
[root@dem tool]# ls
analyzer console.bmp dropins log4j.xml nca.sh templates
analyzer.bmp dbca.sh dts manager p2 version.sh
backup.xml disql dts.bmp manager.bmp plugins workspace
configuration dmagent dts.xml monitor restore.xml
console dmservice.sh dts_cmd_run.sh monitor.bmp server_connection.xml
[dmdba@dem com.dameng.third]$ pwd
/dm/dmdbms/tool/dropins/com.dameng/plugins/com.dameng.third
Directory containing the vulnerable file:
[dmdba@dem com.dameng.third]$ ls -ltr
total 49208
drwxr-xr-x 2 dmdba dmdba 25 Mar 22 11:22 META-INF
-rwxr-xr-x 1 dmdba dmdba 444110 Mar 22 11:22 bsf.jar
-rwxr-xr-x 1 dmdba dmdba 281937 Mar 22 11:22 bsh.jar
-rwxr-xr-x 1 dmdba dmdba 632424 Mar 22 11:22 commons-compress-1.20.jar
-rwxr-xr-x 1 dmdba dmdba 61829 Mar 22 11:22 commons-logging-1.2.jar
-rwxr-xr-x 1 dmdba dmdba 280983 Mar 22 11:22 commons-net-3.3.jar
-rwxr-xr-x 1 dmdba dmdba 83064 Mar 22 11:22 disruptor-3.4.2.jar
-rwxr-xr-x 1 dmdba dmdba 898041 Mar 22 11:22 dmoshi-6.1.6.jar
-rwxr-xr-x 1 dmdba dmdba 313898 Mar 22 11:22 dom4j-1.6.1.jar
-rwxr-xr-x 1 dmdba dmdba 63292 Mar 22 11:22 eddsa-0.3.0.jar
-rwxr-xr-x 1 dmdba dmdba 1715750 Mar 22 11:22 freemarker-2.3.31.jar
-rwxr-xr-x 1 dmdba dmdba 244831 Mar 22 11:22 ganymed-ssh2-build210.jar
-rwxr-xr-x 1 dmdba dmdba 231952 Mar 22 11:22 gson-2.8.0.jar
-rwxr-xr-x 1 dmdba dmdba 780321 Mar 22 11:22 httpclient-4.5.13.jar
-rwxr-xr-x 1 dmdba dmdba 328593 Mar 22 11:22 httpcore-4.4.13.jar
-rwxr-xr-x 1 dmdba dmdba 85038 Mar 22 11:22 ibatis2-common-2.1.7.597.jar
-rwxr-xr-x 1 dmdba dmdba 304649 Mar 22 11:22 ibatis2-sqlmap-2.1.7.597.jar
-rwxr-xr-x 1 dmdba dmdba 18629 Mar 22 11:22 java-iso-tools.jar
-rwxr-xr-x 1 dmdba dmdba 244330 Mar 22 11:22 jaxen-1.1-beta-6.jar
-rwxr-xr-x 1 dmdba dmdba 330246 Mar 22 11:22 jcommon-1.0.23.jar
-rwxr-xr-x 1 dmdba dmdba 1570157 Mar 22 11:22 jfreechart-1.0.19.jar
-rwxr-xr-x 1 dmdba dmdba 1825174 Mar 22 11:22 jna-5.11.0.jar
-rwxr-xr-x 1 dmdba dmdba 1352301 Mar 22 11:22 jna-platform-5.11.0.jar
-rwxr-xr-x 1 dmdba dmdba 813521 Mar 22 11:22 js.jar
-rwxr-xr-x 1 dmdba dmdba 725735 Mar 22 11:22 jxl.jar
-rwxr-xr-x 1 dmdba dmdba 69578 Mar 22 11:22 jzlib-1.1.1.jar
-rwxr-xr-x 1 dmdba dmdba 315114 Mar 22 11:22 log4j-api-2.18.0.jar
-rwxr-xr-x 1 dmdba dmdba 1861442 Mar 22 11:22 log4j-core-2.18.0.jar
-rwxr-xr-x 1 dmdba dmdba 447676 Mar 22 11:22 mail.jar
-rwxr-xr-x 1 dmdba dmdba 1592620 Mar 22 11:22 mybatis-3.4.2.jar
-rwxr-xr-x 1 dmdba dmdba 1820323 Mar 22 11:22 poi-3.8-20120326.jar
-rwxr-xr-x 1 dmdba dmdba 933010 Mar 22 11:22 poi-ooxml-3.8-20120326.jar
-rwxr-xr-x 1 dmdba dmdba 4706775 Mar 22 11:22 poi-ooxml-schemas-3.8-20120326.jar
-rwxr-xr-x 1 dmdba dmdba 1186887 Mar 22 11:22 poi-scratchpad-3.8-20120326.jar
-rwxr-xr-x 1 dmdba dmdba 88209 Mar 22 11:22 servlet-api.jar
-rwxr-xr-x 1 dmdba dmdba 29257 Mar 22 11:22 slf4j-api-1.7.7.jar
-rwxr-xr-x 1 dmdba dmdba 10683 Mar 22 11:22 slf4j-simple-1.7.7.jar
-rwxr-xr-x 1 dmdba dmdba 2027883 Mar 22 11:22 snappy-java-1.1.7.jar
-rwxr-xr-x 1 dmdba dmdba 559891 Mar 22 11:22 sshj-0.33.0.jar
-rwxr-xr-x 1 dmdba dmdba 18363611 Mar 22 11:22 tools.jar
-rwxr-xr-x 1 dmdba dmdba 2665042 Mar 22 11:22 xmlbeans-2.3.0.jar
III. Simulated-removal test
1. Simulate removing the file:
[dmdba@dem com.dameng.third]$ mv mybatis-3.4.2.jar /dm
2. The GUI tools flash up and immediately exit, or hang
With the file removed, every GUI tool under tool except dbca.sh (console/manager/monitor/analyzer) fails to start: the window flashes up and immediately exits or hangs (the splash icon appears, then the tool exits or hangs).
manager flashes up and hangs; an strace of the process shows it blocked in FUTEX_WAIT.
[root@dem com.dameng.third]# ps -ef|grep manager
dmdba 3337 1 0 09:00 ? 00:03:23 /usr/bin/java -Djava.util.logging.config.file=/dm/tomcat8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms2048m -Xmx2048m -server -Djava.library.path=/dm/dmdbms/bin:/dm/tomcat8/lib -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /dm/tomcat8/bin/bootstrap.jar:/dm/tomcat8/bin/tomcat-juli.jar -Dcatalina.base=/dm/tomcat8 -Dcatalina.home=/dm/tomcat8 -Djava.io.tmpdir=/dm/tomcat8/temp org.apache.catalina.startup.Bootstrap start
dmdba 49160 48869 0 12:33 ? 00:00:00 mate-power-manager
dmdba 79305 49457 0 15:04 pts/2 00:00:00 /bin/sh ./manager
dmdba 79309 79305 8 15:04 pts/2 00:00:03 /dm/dmdbms/jdk/bin/java -Xms256m -Xmx2048m -XX:+PerfDisableSharedMem -DDM_HOME=/dm/dmdbms -Djava.library.path=/dm/dmdbms/bin -Ddameng.log.file=/dm/dmdbms/tool/log4j.xml -DeclipseHome=/dm/dmdbms/tool -Dosgi.nl=en_US -Ddameng.dts.explorer.root=/dm/dmdbms/tool/workspace/local/dts -Ddameng.isql.explorer.root=/dm/dmdbms/tool/workspace/local/isql -Duse_bak2=true -Dgrant_vti_role=false -Dapp.name=manager -jar /dm/dmdbms/tool/plugins/org.eclipse.equinox.launcher_1.1.1.R36x_v20101122_1400.jar -os linux -ws gtk -arch x86_64 -showsplash /dm/dmdbms/tool/manager.bmp -data /dm/dmdbms/tool/workspace/manager -product com.dameng.manager.product -name Manager
root 79381 73351 0 15:04 pts/4 00:00:00 grep manager
[root@dem com.dameng.third]# strace -p 79309
strace: Process 79309 attached
futex(0x7f8a330669d0, FUTEX_WAIT, 79310, NULL
console flashes up and immediately exits:
IV. Test with the latest MyBatis jar
1. Latest MyBatis jar
Download page: https://github.com/mybatis/mybatis-3/releases
2. Extract mybatis-3.5.13.jar and copy it to the target directory
Download mybatis-3.5.13.zip, extract mybatis-3.5.13.jar from it, and copy it to
/dm/dmdbms/tool/dropins/com.dameng/plugins/com.dameng.third/
3. Edit META-INF/MANIFEST.MF
Change line 32 of that file from
32 mybatis-3.4.2.jar,
to:
32 mybatis-3.5.13.jar,
The file after the edit:
[root@dem com.dameng.third]# cd META-INF/
[root@dem META-INF]# ls
MANIFEST.MF
[root@dem META-INF]# cat -n MANIFEST.MF
1 Manifest-Version: 1.0
2 Bundle-ManifestVersion: 2
3 Bundle-Name: com.dameng.third
4 Bundle-SymbolicName: com.dameng.third
5 Bundle-Version: 8.0.0
6 Bundle-Vendor: dameng.com
7 Bundle-RequiredExecutionEnvironment: JavaSE-1.6
8 Bundle-ClassPath: bsf.jar,
9 bsh.jar,
10 js.jar,
11 jxl.jar,
12 dom4j-1.6.1.jar,
13 xmlbeans-2.3.0.jar,
14 poi-scratchpad-3.8-20120326.jar,
15 .,
16 poi-3.8-20120326.jar,
17 poi-ooxml-3.8-20120326.jar,
18 poi-ooxml-schemas-3.8-20120326.jar,
19 jaxen-1.1-beta-6.jar,
20 ganymed-ssh2-build210.jar,
21 jcommon-1.0.23.jar,
22 jfreechart-1.0.19.jar,
23 commons-net-3.3.jar,
24 commons-logging-1.2.jar,
25 jzlib-1.1.1.jar,
26 snappy-java-1.1.7.jar,
27 log4j-api-2.18.0.jar,
28 log4j-core-2.18.0.jar,
29 disruptor-3.4.2.jar,
30 ibatis2-common-2.1.7.597.jar,
31 ibatis2-sqlmap-2.1.7.597.jar,
32 mybatis-3.5.13.jar,
33 tools.jar
34 Export-Package: bsh,
35 ch.ethz.ssh2,
36 com.ibatis.sqlmap.engine.builder.xml,
37 com.ibatis.sqlmap.engine.mapping.sql,
38 com.ibatis.sqlmap.engine.mapping.statement,
39 com.ibatis.sqlmap.engine.scope,
40 com.jcraft.jzlib,
41 com.sun.source.tree,
42 com.sun.tools.javac.api,
43 com.sun.tools.javac.file,
44 com.sun.tools.javac.tree,
45 com.sun.tools.javac.util,
46 jxl,
47 jxl.biff,
48 jxl.format,
49 jxl.read.biff,
50 jxl.write,
51 jxl.write.biff,
52 org.apache.commons.logging,
53 org.apache.commons.logging.impl,
54 org.apache.ibatis.builder,
55 org.apache.ibatis.builder.xml,
56 org.apache.ibatis.mapping,
57 org.apache.ibatis.parsing,
58 org.apache.ibatis.scripting,
59 org.apache.ibatis.scripting.xmltags,
60 org.apache.ibatis.session,
61 org.apache.ibatis.session.defaults,
62 org.apache.logging.log4j,
63 org.apache.logging.log4j.core,
64 org.apache.poi,
65 org.apache.poi.hssf.usermodel,
66 org.apache.poi.hssf.util,
67 org.apache.poi.hwpf,
68 org.apache.poi.hwpf.converter,
69 org.apache.poi.hwpf.usermodel,
70 org.apache.poi.openxml4j.opc,
71 org.apache.poi.poifs.filesystem,
72 org.apache.poi.ss.usermodel,
73 org.apache.poi.ss.util,
74 org.apache.poi.xssf.streaming,
75 org.apache.poi.xssf.usermodel,
76 org.apache.poi.xssf.util,
77 org.apache.poi.xwpf.extractor,
78 org.apache.poi.xwpf.usermodel,
79 org.apache.xmlbeans,
80 org.dom4j,
81 org.dom4j.io,
82 org.jfree.chart,
83 org.jfree.chart.axis,
84 org.jfree.chart.labels,
85 org.jfree.chart.plot,
86 org.jfree.chart.renderer,
87 org.jfree.chart.renderer.category,
88 org.jfree.chart.renderer.xy,
89 org.jfree.chart.title,
90 org.jfree.data,
91 org.jfree.data.category,
92 org.jfree.data.general,
93 org.jfree.data.time,
94 org.jfree.data.xy,
95 org.jfree.ui,
96 org.openxmlformats.schemas.drawingml.x2006.main,
97 org.openxmlformats.schemas.drawingml.x2006.wordprocessingDrawing,
98 org.openxmlformats.schemas.wordprocessingml.x2006.main,
99 org.xerial.snappy,
100 org.xerial.snappy.buffer
4. After the change, the GUI tools (console/manager/monitor/analyzer) start normally.
V. Windows environment test
1. Simulate removing mybatis-3.4.2.jar
The GUI tools fail to start.
2. Following the same steps as in the Kylin V10 environment, after replacing the jar and editing the manifest the tools start normally.
VI. DEM test
DEM also carries this high-severity vulnerability; the affected file is at
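The manual edit in step 3 is easy to get wrong on a host with several plugins, and section III shows what happens when the manifest still lists a jar that is not there. The script below is an added example, not code from this post or from Dameng, that performs that one-entry swap in an OSGi Bundle-ClassPath: it refuses to run unless the replacement jar is actually present beside META-INF, requires exactly one matching entry, writes MANIFEST.MF.bak first, and checks the result. The miniature manifest and empty jar files it creates under mktemp are constructed for the demo and are not the real plugin's files.

```shell
#!/bin/sh
# Added example, not from the post: replace one jar entry in an OSGi plugin's
# META-INF/MANIFEST.MF Bundle-ClassPath, with a backup and sanity checks.
# Usage: sh swap_manifest_jar.sh /path/to/META-INF/MANIFEST.MF
#        (no argument: runs against a constructed sample plugin directory)

OLD_JAR=mybatis-3.4.2.jar
NEW_JAR=mybatis-3.5.13.jar

# update_bundle_classpath MANIFEST OLD NEW
# Manifest continuation lines begin with exactly one space, so an entry looks
# like " old.jar," (or " old.jar" when it is the last one); the substitution
# matches those whole lines and keeps the leading space.  Returns 1 and leaves
# the manifest untouched if NEW is not next to META-INF or OLD is not listed
# exactly once.  An entry on the "Bundle-ClassPath:" header line itself is
# not handled; the mybatis entry in the post's manifest is a continuation line.
update_bundle_classpath() {
    manifest=$1; old=$2; new=$3
    plugin_dir=$(dirname "$(dirname "$manifest")")   # META-INF/.. is the plugin root
    if [ ! -f "$plugin_dir/$new" ]; then
        echo "refusing: $plugin_dir/$new not found, copy it first" >&2
        return 1
    fi
    n=$(grep -c -x -F -e " $old," -e " $old" "$manifest" || true)
    if [ "$n" -ne 1 ]; then
        echo "refusing: expected exactly one ' $old' entry, found $n" >&2
        return 1
    fi
    cp "$manifest" "$manifest.bak"
    awk -v old="$old" -v new="$new" '
        $0 == (" " old ",") { print " " new ","; next }
        $0 == (" " old)     { print " " new;     next }
        { print }
    ' "$manifest.bak" > "$manifest"
    # verify: the new entry is present and the old name is gone
    grep -q -x -F -e " $new," -e " $new" "$manifest" &&
        ! grep -q -F "$old" "$manifest"
}

# Constructed sample plugin directory with a shortened manifest in the same
# layout as the post's com.dameng.third/META-INF/MANIFEST.MF.
make_sample_plugin() {
    dir=$(mktemp -d)
    mkdir "$dir/META-INF"
    : > "$dir/$OLD_JAR"
    : > "$dir/$NEW_JAR"
    cat > "$dir/META-INF/MANIFEST.MF" <<'EOF'
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-SymbolicName: com.dameng.third
Bundle-ClassPath: bsf.jar,
 ibatis2-sqlmap-2.1.7.597.jar,
 mybatis-3.4.2.jar,
 tools.jar
Export-Package: bsh,
 org.apache.ibatis.session
EOF
    echo "$dir"
}

if [ "$#" -ge 1 ]; then
    update_bundle_classpath "$1" "$OLD_JAR" "$NEW_JAR"
else
    dir=$(make_sample_plugin)
    update_bundle_classpath "$dir/META-INF/MANIFEST.MF" "$OLD_JAR" "$NEW_JAR"
    diff "$dir/META-INF/MANIFEST.MF.bak" "$dir/META-INF/MANIFEST.MF" || true
    rm -rf "$dir"
fi
```

Run it as the owner of the plugin files (dmdba in the listing above) so the backup keeps consistent ownership, then restart the tool. If a manifest has CRLF line endings, the whole-line fixed-string matches find no entry and the script refuses rather than rewriting the file.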
[dmdba@dem tomcat8]$ pwd
/dm/tomcat8
[dmdba@dem tomcat8]$ find ./|grep myba
./webapps/dem/WEB-INF/lib/mybatis-3.4.2.jar
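The post names two places where the jar lives (the com.dameng.third plugin in section II and the DEM web application here), and a host may have more. The script below is an added shell example, not part of the original post or of Dameng's tooling, that walks a tree, parses the version out of each mybatis-<version>.jar file name and flags anything below 3.5.6, the first fixed version given in the description at the top. The directory tree it builds under mktemp is constructed for the demo; on a real host, pass the install root (for example /dm) as the argument.

```shell
#!/bin/sh
# Added example, not from the post: report mybatis jars below the fixed version.
# Usage: sh scan_mybatis.sh /dm      (no argument: runs on a constructed sample tree)

FIXED_VERSION=3.5.6   # "MyBatis < 3.5.6" is the affected range in the description

# Compare two dotted numeric versions; print "lt", "eq" or "gt".
# Missing trailing components count as 0, so 3.5 sorts before 3.5.6.
vercmp() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; p2=${v2%%.*}
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
        if [ "${p1:-0}" -lt "${p2:-0}" ]; then echo lt; return 0; fi
        if [ "${p1:-0}" -gt "${p2:-0}" ]; then echo gt; return 0; fi
    done
    echo eq
}

# Print the version embedded in a file name like mybatis-3.4.2.jar.
# Prints nothing for other names (mybatis-spring-*.jar, snapshot builds, ...),
# so the caller skips what it cannot classify instead of guessing.
mybatis_version_of() {
    name=$(basename "$1")
    case $name in
        mybatis-[0-9]*.jar)
            v=${name#mybatis-}; v=${v%.jar}
            case $v in
                *[!0-9.]*) ;;        # non-numeric suffix: not parsed
                *) echo "$v" ;;
            esac ;;
    esac
}

# Walk a tree and print one line per mybatis jar:
#   VULNERABLE <path> <version>   or   OK <path> <version>
scan_tree() {
    find "$1" -type f -name 'mybatis-*.jar' | sort | while IFS= read -r jar; do
        v=$(mybatis_version_of "$jar")
        [ -n "$v" ] || continue
        if [ "$(vercmp "$v" "$FIXED_VERSION")" = lt ]; then
            echo "VULNERABLE $jar $v"
        else
            echo "OK $jar $v"
        fi
    done
}

# Constructed sample tree mirroring the two paths named in the post:
# the GUI plugin directory and the DEM web application's WEB-INF/lib.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/dmdbms/tool/dropins/com.dameng/plugins/com.dameng.third" \
             "$root/tomcat8/webapps/dem/WEB-INF/lib"
    : > "$root/dmdbms/tool/dropins/com.dameng/plugins/com.dameng.third/mybatis-3.4.2.jar"
    : > "$root/tomcat8/webapps/dem/WEB-INF/lib/mybatis-3.5.13.jar"
    echo "$root"
}

if [ "$#" -ge 1 ]; then
    scan_tree "$1"
else
    root=$(make_sample_tree)
    scan_tree "$root"
    rm -rf "$root"
fi
```

The file-name check is a quick inventory, not proof: a jar that was renamed or repackaged will not be classified, so anything the scan prints nothing for still deserves a look at its META-INF/MANIFEST.MF or pom.properties.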