Chris Anley has reported two vulnerabilities in MySQL, allowing malicious people to gain access to the database or the local system.
1) MySQL fails to properly verify passwords if the client has set a specific client capability flag and specifies a "passwd_len" of NULL. This causes MySQL to accept a NULL password as a valid password and authenticate the user.
Successful exploitation requires that the attacker knows a valid username.
2) A boundary error within the handling of "scramble" strings can reportedly be exploited to execute arbitrary code if the attacker knows a password hash or through brute forcing.
The vulnerabilities only affect beta / development branches of MySQL 4.1.x and MySQL 5.
NOTE: Secunia doesn't recommend installing beta and development software on production systems and doesn't normally issue advisories regarding such software. However, an exception has been made in this case due to the potential attention this issue may receive.
Solution: MySQL production releases 3.x and 4.0.x are not affected.
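The zero-length password case in item 1, shown as an added illustration that is not MySQL source and is not taken from the advisory. It assumes the flaw belongs to the class where the comparison bound comes from the client-supplied length, and sets that beside a check that demands the exact expected length; the function names and SCRAMBLE_LEN are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define SCRAMBLE_LEN 8  /* constructed length for this sketch, not MySQL's constant */

/* Flawed pattern: the loop bound is taken from the client, so a
 * zero-length response never enters the loop and is reported as a match. */
int check_response_flawed(const unsigned char *expected,
                          const unsigned char *client, size_t client_len)
{
    for (size_t i = 0; i < client_len && i < SCRAMBLE_LEN; i++)
        if (client[i] != expected[i])
            return 0;
    return 1;
}

/* Hardened form: reject anything that is not exactly the expected length,
 * then compare every byte without an early exit. */
int check_response_strict(const unsigned char *expected,
                          const unsigned char *client, size_t client_len)
{
    unsigned char diff = 0;

    if (client == NULL || client_len != SCRAMBLE_LEN)
        return 0;
    for (size_t i = 0; i < SCRAMBLE_LEN; i++)
        diff |= (unsigned char)(client[i] ^ expected[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed server-side value the response should equal. */
    const unsigned char expected[SCRAMBLE_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    const unsigned char empty[1] = {0};

    printf("flawed, empty response: %d\n",
           check_response_flawed(expected, empty, 0));
    printf("strict, empty response: %d\n",
           check_response_strict(expected, empty, 0));
    printf("strict, full response:  %d\n",
           check_response_strict(expected, expected, SCRAMBLE_LEN));
    return 0;
}
```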
Subject: MySQL Authentication Vulnerabilities