July 6th, 2004 10:24 PM
MySQL Auth Vulnerability
I haven't seen this posted yet. So I'm going to throw it up here. This has been posted on Secunia and seems to be fairly critical.
Hopefully people aren't using betas in production, but this will affect a lot of home users who aim for the latest and greatest in applications.
Chris Anley has reported two vulnerabilities in MySQL, allowing malicious people to gain access to the database or the local system.
1) MySQL fails to properly verify passwords if the client has set a specific client capability flag and specifies a "passwd_len" of NULL. This causes MySQL to accept a NULL password as a valid password and authenticates the user.
Successful exploitation requires that the attacker knows a valid username.
2) A boundary error within the handling of "scramble" strings can reportedly be exploited to execute arbitrary code if the attacker knows a password hash or through brute forcing.
The vulnerabilities only affect beta / development branches of MySQL 4.1.x and MySQL 5.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
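A simplified model of the class of flaw in item 1 of the advisory quoted above, added here as an example; it is not MySQL's source and not part of the original post. The function names, `SCRAMBLE_LEN` and its value are hypothetical, and the model assumes the failure comes from trusting a client-supplied length in the password comparison.

```c
#include <stddef.h>
#include <string.h>

/* Assumed fixed length of the response the server expects (hypothetical value). */
#define SCRAMBLE_LEN 20

/* Flawed pattern: the number of bytes compared is taken from the client.
 * With client_len == 0 nothing is compared, memcmp() returns 0, and the
 * empty response is treated as a match. */
int check_flawed(const unsigned char *expected,
                 const unsigned char *client, size_t client_len)
{
    return memcmp(expected, client, client_len) == 0;
}

/* Hardened pattern: the length is fixed by the server. Any other length
 * (zero, short, or over-long) is rejected before a single byte is read,
 * and the comparison itself does not exit early on the first mismatch. */
int check_hardened(const unsigned char *expected,
                   const unsigned char *client, size_t client_len)
{
    unsigned char diff = 0;
    size_t i;

    if (expected == NULL || client == NULL || client_len != SCRAMBLE_LEN)
        return 0;

    for (i = 0; i < SCRAMBLE_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ client[i]);

    return diff == 0;
}
```
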