安装的mysql8.0.40版本,在漏扫中出现一个漏洞提示openssl版本过低
# 系统自带的openssl链接库文件在/usr/lib64下 [root@localhost ~]# cd /usr/lib64/ [root@localhost lib64]# ll libcrypto* lrwxrwxrwx 1 root root 18 Oct 1 09:38 libcrypto.so -> libcrypto.so.3.2.2 lrwxrwxrwx 1 root root 18 Oct 1 09:38 libcrypto.so.3 -> libcrypto.so.3.2.2 -rwxr-xr-x 1 root root 5435440 Oct 1 09:38 libcrypto.so.3.2.2 [root@localhost lib64]# ll libssl* -rwxr-xr-x. 1 root root 449560 Sep 16 11:38 libssl3.so lrwxrwxrwx 1 root root 15 Oct 1 09:38 libssl.so -> libssl.so.3.2.2 lrwxrwxrwx 1 root root 15 Oct 1 09:38 libssl.so.3 -> libssl.so.3.2.2 -rwxr-xr-x 1 root root 957480 Oct 1 09:38 libssl.so.3.2.2 # 查看mysql载入的动态链接库路径 [root@localhost lib64]# ldd /usr/local/mysql/bin/mysql | grep libcrypto libcrypto.so.3 => /usr/local/mysql/bin/../lib/private/libcrypto.so.3 (0x00007f59b5e00000) [root@localhost lib64]# ldd /usr/local/mysql/bin/mysqld | grep -i "ssl" libssl.so.3 => /usr/local/mysql/bin/../lib/private/libssl.so.3 (0x00007fa5b1e00000) 可以看到都是用的mysql自带的库 [root@localhost lib64]# strings /usr/local/mysql/lib/private/libcrypto.so.3 | grep -i "OpenSSL" OpenSSL 3.0.15 3 Sep 2024 自带的是3.0.15版本,所以漏扫提示此版本有漏洞 解决方法: # 通过输出环境变量,让mysql去读系统自带的openssl [root@localhost lib64]# export LD_LIBRARY_PATH=/usr/lib64:$LD_LIBRARY_PATH [root@localhost lib64]# systemctl restart mysql # 再次确认 [root@localhost lib64]# ldd /usr/local/mysql/bin/mysqld | grep -i "ssl" libssl.so.3 => /usr/lib64/libssl.so.3 (0x00007fe9b4f1a000) [root@localhost lib64]# ldd /usr/local/mysql/bin/mysql | grep libcrypto libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f262d600000) [root@localhost ~]# strings /usr/lib64/libcrypto.so.3 | grep -i "OpenSSL" OpenSSL 3.2.2 4 Jun 2024
原创文章,转载请注明。本文链接地址: https://www.rootop.org/pages/5509.html