[Discuss] Simple authentication bypass for MySQL root revealed
Tom Metro
tmetro+blu at gmail.com
Mon Jun 11 16:08:20 EDT 2012
Simple authentication bypass for MySQL root revealed
http://www.h-online.com/open/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-1614990.html
Exploits for a recently revealed MySQL authentication bypass flaw are
now in the wild, partly because the flaw is remarkably simple to
exploit in order to gain root access to the database. The only
mitigating factor appears to be that it depends on the C library that
the MySQL database was built with. The bypass, assigned the
vulnerability id CVE-2012-2122, allows an attacker to gain root access
by repeatedly trying to login with an incorrect password. Each attempt
has a 1 in 256 chance of being given access. The exploits are mostly
variations of looping through connecting to MySQL with a bad password
around 300 to 512 times.
[...]
According to Golubchik the gcc built in memcmp and BSD libc memcmp are
safe, but the linux glibc sse-optimised memcmp is not safe. ... He
also believes that official vendor builds of MySQL or MariaDB are not
vulnerable, but that all versions, up to 5.1.61, 5.2.11, 5.3.5 and
5.5.22, are potentially vulnerable.
[...]
Calling the flaw "tragically comedic", security expert HD Moore has a
posting in which he details where MySQL is vulnerable. So far, 64-bit
versions of Ubuntu Linux (10.04, 10.10, 11.04, 11.10 and 12.04),
OpenSuSE 12.1 64-bit, Fedora 16 64-bit and Arch Linux have been found
to have vulnerable MySQL releases. Debian, RHEL, CentOS and GenToo,
among others, have been found not to be vulnerable.
[...]
More information about the Discuss
mailing list