GoFuckYourself.com - Adult Webmaster Forum


CYF 06-11-2012 01:56 PM

MySQL vulnerable
 
Quote:

A simple but serious MySQL and MariaDB authentication bypass flaw has been revealed by MariaDB security coordinator Sergei Golubchik, and exploits targeting it have already been found in the wild.

An attacker who knows a correct username (usually the ubiquitous "root") can easily connect using a random password by repeating connection attempts.

"~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent," wrote Golubchik.
Quote:

Metasploit's HD Moore says that, so far, 64-bit versions of Ubuntu Linux, OpenSuSE 12.1 64-bit, Fedora 16 64-bit and Arch Linux have been found to have vulnerable MySQL releases, while a number of Debian, Gentoo, CentOS and SuSE versions - as well as the official builds from MySQL and MariaDB - seem not to be affected.
MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.

signupdamnit 06-11-2012 02:03 PM

Thanks for sharing this. Here's a link about it I found for anyone who wants it:

http://www.h-online.com/open/news/it...d-1614990.html

Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

CYF 06-11-2012 02:08 PM

Quote:

Originally Posted by signupdamnit (Post 18999199)
Thanks for sharing this. Here's a link about it I found for anyone who wants it:

http://www.h-online.com/open/news/it...d-1614990.html

Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

correct. I have this option enabled:

skip-networking

so the attacker would have to be local.

raymor 06-11-2012 02:36 PM

Quote:

Originally Posted by signupdamnit (Post 18999199)
Am I correct in thinking that if one has their server configured to only accept local connections (like 127.0.0.1 for instance) then the hacker would have to first get a shell account or such on the system to be able to actually exploit this?

Most older PHP scripts expose such a mechanism, often through fopen_url. Shared hosting would also provide the mechanism, only to people hosted on the same server. On the bright side, most builds of MySQL are not vulnerable. Gcc, for example, normally uses a safe version of memcmp(). Also it is worth noting that if skip_networking is used and the attacker already has remote execution, you'd be screwed with or without mysql.

The bottom line is that allowing remote execution, such as via deprecated PHP, is bad (duh), and that cheap shared hosting, where there are thousands of other webmasters on the same server, is a security risk.
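
Added example, not part of any post in the thread: a small Python check that puts the thread's two points together, the affected version list from the first post and the local-only configuration (skip-networking or a loopback bind-address) from the replies. The sample my.cnf text is constructed, and treating each listed number as the last affected release of its series is an assumption. A version in range does not by itself mean the build is vulnerable, since the thread notes that this depends on the build.

```python
import re

# Assumption: each number in the first post is the last affected release of its series.
LAST_AFFECTED = {(5, 1): 61, (5, 2): 11, (5, 3): 5, (5, 5): 22}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def in_affected_range(version):
    """True/False for a listed series, None when the series is not in the list."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    last = LAST_AFFECTED.get((major, minor))
    return None if last is None else patch <= last

def mysqld_options(cnf_text):
    """Collect [mysqld] options from my.cnf text; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("-", "_")] = value.strip()
    return opts

def reachable_from(cnf_text):
    """'socket' (skip-networking), 'loopback' (bind-address is local) or 'network'."""
    opts = mysqld_options(cnf_text)
    if opts.get("skip_networking", "off").lower() in ("", "1", "on", "true"):
        return "socket"
    return "loopback" if opts.get("bind_address", "").lower() in LOOPBACK else "network"

def assess(version, cnf_text):
    """Combine both checks; a local-only server still faces local users and web scripts."""
    affected, reach = in_affected_range(version), reachable_from(cnf_text)
    who = "remote hosts" if reach == "network" else "local accounts and scripts on this host"
    return {"in_affected_range": affected, "reachable_from": reach,
            "password_guessing_open_to": who if affected is not False else None}

# Constructed sample configurations (not from the thread).
LOCAL_ONLY = "[client]\nport=3306\n[mysqld]\nskip-networking  # socket only\n"
DEFAULT_BIND = "[mysqld]\ndatadir=/var/lib/mysql\n"

if __name__ == "__main__":
    print(assess("5.5.22-0ubuntu1", LOCAL_ONLY), assess("5.5.24", DEFAULT_BIND), sep="\n")
```

A series that is not in the list returns `None` and is treated as still needing review rather than as safe.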

