[Discuss] Simple authentication bypass for MySQL root revealed

[tmetro+blu at gmail.com (Tom Metro)]

Simple authentication bypass for MySQL root revealed
http://www.h-online.com/open/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-1614990.html

  Exploits for a recently revealed MySQL authentication bypass flaw are
  now in the wild, partly because the flaw is remarkably simple to
  exploit in order to gain root access to the database. The only
  mitigating factor appears to be that it depends on the C library that
  the MySQL database was built with. The bypass, assigned the
  vulnerability id CVE-2012-2122, allows an attacker to gain root access
  by repeatedly trying to login with an incorrect password. Each attempt
  has a 1 in 256 chance of being given access. The exploits are mostly
  variations of looping through connecting to MySQL with a bad password
  around 300 to 512 times.
  [...]
  According to Golubchik the gcc built in memcmp and BSD libc memcmp are
  safe, but the linux glibc sse-optimised memcmp is not safe. ... He
  also believes that official vendor builds of MySQL or MariaDB are not
  vulnerable, but that all versions, up to 5.1.61, 5.2.11, 5.3.5 and
  5.5.22, are potentially vulnerable.
  [...]
  Calling the flaw "tragically comedic", security expert HD Moore has a
  posting in which he details where MySQL is vulnerable. So far, 64-bit
  versions of Ubuntu Linux (10.04, 10.10, 11.04, 11.10 and 12.04),
  OpenSuSE 12.1 64-bit, Fedora 16 64-bit and Arch Linux have been found
  to have vulnerable MySQL releases. Debian, RHEL, CentOS and GenToo,
  among others, have been found not to be vulnerable.
  [...]