MySQL vulnerable - GoFuckYourself.com

CYF · 06-11-2012, 01:56 PM

Quote:

A simple but serious MySQL and MariaDB authentication bypass flaw has been revealed by MariaDB security coordinator Sergei Golubchik, and exploits targeting it have already been found in the wild.

An attacker who knows a correct username (usually the ubiquitous "root") can easily connect using a random password by repeating connection attempts.

"~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent," wrote Golubchik.

Quote:

Metaisploit's HD Moore says that, so far, 64-bit versions of Ubuntu Linux, OpenSuSE 12.1 64-bit, Fedora 16 64-bit and Arch Linux have been found to have vulnerable MySQL releases, while a number of Debian, Gentoo, CentOS and SuSE versions - as well as the official builds from MySQL and MariaDB - seem not to be affected.

MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable

signupdamnit · 06-11-2012, 02:03 PM

Thanks for sharing this. Here's a link about it I found for anyone who wants it:

http://www.h-online.com/open/news/it...d-1614990.html

Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

CYF · 06-11-2012, 02:08 PM

Quote:

Originally Posted by signupdamnit

Thanks for sharing this. Here's a link about it I found for anyone who wants it:

http://www.h-online.com/open/news/it...d-1614990.html

Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

correct. I have this option enabled:

skip-networking

so the attacker would have to be local.

raymor · 06-11-2012, 02:36 PM

Quote:

Originally Posted by signupdamnit

Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

Most older PHP scripts expose such a mechanism, often through fopen_url. Shared housing would also provide the mechanism, only to people hosted on tge same server. On the bright side, most builds of MySQL are not vulnerable. Gcc, for example, normally uses a safe version of memcmp(). Also it is with nothing that if skip_networking is used and the attacker already has remote execution, globe screwed with or without mysql.

The bottom line is that allowing remote execution, such as via deprecated PHP, is bad (duh), and that cheap shared hosting where there are thousand of other webmasters on the same server, is a security risk.

06-11-2012, 02:03 PM	#2
signupdamnit Confirmed User Industry Role: Join Date: Aug 2007 Posts: 6,697	Thanks for sharing this. Here's a link about it I found for anyone who wants it: http://www.h-online.com/open/news/it...d-1614990.html Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?