Security Simple authentication bypass for MySQL root revealed

J65nko · #1 **(View Single Post)** 11th June 2012

Quote:

Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is remarkably simple to exploit in order to gain root access to the database. The only mitigating factor appears to be that it depends on the C library that the MySQL database was built with. The bypass, assigned the vulnerability ID CVE-2012-2122, allows an attacker to gain root access by repeatedly trying to login with an incorrect password. Each attempt has a 1 in 256 chance of being given access. The exploits are mostly variations of looping through connecting to MySQL with a bad password around 300 to 512 times.

Carpetsmoker · #2 **(View Single Post)** 11th June 2012

Yikes!

As I understand it, you can check this with a simple script:

Code:

#!/bin/sh

for i in $(jot 2000); do
        mysql -u root --password=wrong -h mysql_machine
done

To be sure, I checked a few CentOS 5.x machines and a FreeBSD 8 machine, none were vulnerable.

Bonus hint: firewall!

J65nko · #3 **(View Single Post)** 13th June 2012

At http://pastie.org/4064638 is a C program for testing whether the memcmp function is vulnerable.

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Using public keys for SSH authentication	amrogers3	OpenBSD General	12	13th November 2011 11:10 PM
CAPTCHA schemes still easy to bypass	J65nko	News	8	7th November 2011 07:09 PM
NTLM Authentication	plexter	FreeBSD Security	1	7th January 2011 07:43 PM
Cups , authentication issue	welkin	FreeBSD Installation and Upgrading	2	7th March 2010 12:03 AM
openldap for authentication	rajendra_nagi	FreeBSD General	9	17th July 2008 06:43 PM