A serious security vulnerability found in MySQL/MariaDB

  Peter      2012-06-11 10:28:09

A serious security vulnerability was recently found in MySQL/MariaDB. It affects authentication to the database server. The issue is described below.

When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, the token and the expected value could be considered equal even if memcmp() returned a non-zero value. In that case MySQL/MariaDB would treat the password as correct even though it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256.

This means that if one knows a user name to connect with (and "root" almost always exists), she can connect using *any* password by repeating connection attempts. ~300 attempts take only a fraction of a second, so account password protection is basically as good as nonexistent. Any client will do; there is no need for a special libmysqlclient library.
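The casting flaw described above, shown next to the corrected pattern. This is an added example, not MySQL/MariaDB source code; `bool8`, `bytes`, `wide_cmp` and the other function names are assumptions made for illustration, and the byte arrays are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

typedef char bool8;                 /* hypothetical 8-bit boolean; 0 = "tokens match" */
typedef const unsigned char *bytes;
typedef int (*cmp_fn)(bytes, bytes, size_t);

/* Constructed stand-in for an optimized memcmp(): compares 16-bit big-endian
 * words and returns their difference. C fixes only the sign of memcmp()'s
 * result, so values outside -128..127 are conforming. n must be even. */
static int wide_cmp(bytes a, bytes b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1], wb = (b[i] << 8) | b[i + 1];
        if (wa != wb) return wa - wb;
    }
    return 0;
}

/* Flawed pattern: the int is narrowed to 8 bits, so a non-zero result whose
 * low byte is zero (256, 512, ...) reads as 0 on mainstream compilers. */
static bool8 mismatch_truncated(cmp_fn cmp, bytes a, bytes b, size_t n)
{
    return (bool8)cmp(a, b, n);
}

/* Corrected pattern: collapse the result to 0/1 before narrowing. */
static bool8 mismatch_normalized(cmp_fn cmp, bytes a, bytes b, size_t n)
{
    return (bool8)(cmp(a, b, n) != 0);
}

/* Counts the non-zero 16-bit results that narrow to 0 (about 1 in 256). */
static int count_false_matches(void)
{
    int hits = 0;
    for (int r = -32768; r <= 32767; r++)
        hits += (r != 0 && (bool8)r == 0);
    return hits;
}

int main(void)
{
    const unsigned char expected[4] = {0x12, 0x34, 0x56, 0x78}; /* constructed */
    const unsigned char supplied[4] = {0x12, 0x34, 0x57, 0x78}; /* differs */
    printf("truncated=%d normalized=%d false-match values=%d of 65535\n",
           mismatch_truncated(wide_cmp, supplied, expected, 4),
           mismatch_normalized(wide_cmp, supplied, expected, 4),
           count_false_matches());
    return 0;
}
```

Whether a given build shows the flaw depends on what its `memcmp()` returns; the normalized form is correct regardless of the comparator's return range.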

According to Sergei Golubchik, the affected versions are all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22.

For the detailed bug description and patches, please visit SECLISTS.ORG. Anyone running the MySQL/MariaDB versions mentioned above should fix the bug as soon as possible.


