
A serious security vulnerability found in MySQL/MariaDB

Peter, 2012-06-11 10:28:09

Recently a serious security vulnerability was found in MySQL/MariaDB. It concerns access to the database, specifically password authentication. The issue is described below.

When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it could happen that the token and the expected value were considered equal even though memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the password is correct, even though it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256.

This means that if one knows a user name to connect with (and "root" almost always exists), one can connect using *any* password simply by repeating connection attempts. ~300 attempts take only a fraction of a second, so account password protection is effectively nonexistent. Any client will do; there is no need for a special libmysqlclient library.
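To make the casting problem concrete, the following C program is an added illustration; it is not code from MySQL, MariaDB or the advisory. Only the 20-byte token length comes from the real protocol (SHA-1 digests). Everything else is a constructed model: `my_bool` stands for the one-byte boolean that the comparison result is narrowed into, and `word_memcmp()` stands in for an optimized memcmp() that, like some real implementations, returns the numeric difference of the first differing word rather than just -1, 0 or 1. The program shows a single mismatching token slipping through the vulnerable check, then enumerates 65,535 wrong tokens to show that roughly one in 256 is accepted, while the fixed check accepts none.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the comparison bug described above; this is not
 * MySQL/MariaDB source. Only the 20-byte token length comes from the real
 * protocol (SHA-1 digests); my_bool, word_memcmp() and both check functions
 * are constructed models. */

#define TOKEN_LEN 20

typedef char my_bool;   /* one-byte boolean: the narrowing type in the bug */

/* Constructed model of an optimized memcmp(): compares 4 bytes at a time and
 * returns the numeric difference of the first differing (little-endian) word.
 * This satisfies memcmp()'s contract (the sign gives the ordering) but the
 * magnitude is unconstrained, so the result is an arbitrary int, not -1/0/1. */
static int word_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i = 0;
    for (; i + 4 <= n; i += 4) {
        uint32_t wa = (uint32_t)a[i] | (uint32_t)a[i + 1] << 8 |
                      (uint32_t)a[i + 2] << 16 | (uint32_t)a[i + 3] << 24;
        uint32_t wb = (uint32_t)b[i] | (uint32_t)b[i + 1] << 8 |
                      (uint32_t)b[i + 2] << 16 | (uint32_t)b[i + 3] << 24;
        if (wa != wb)
            return (int)(wa - wb);   /* non-zero (modular), but its low byte may be 0 */
    }
    for (; i < n; i++)               /* leftover bytes (none for 20-byte tokens) */
        if (a[i] != b[i])
            return (int)a[i] - (int)b[i];
    return 0;
}

/* Vulnerable pattern: the int result is narrowed straight into a one-byte
 * my_bool. Any difference that is a multiple of 256 becomes 0, i.e. "match".
 * Convention (as in MySQL): 0 means the password is accepted. */
static my_bool check_scramble_vulnerable(const unsigned char *token,
                                         const unsigned char *expected)
{
    return (my_bool)word_memcmp(token, expected, TOKEN_LEN);
}

/* Fixed pattern: collapse the comparison to 0/1 *before* narrowing. */
static my_bool check_scramble_fixed(const unsigned char *token,
                                    const unsigned char *expected)
{
    return word_memcmp(token, expected, TOKEN_LEN) != 0;
}

/* Constructed case: a wrong token that differs from the expected one only in
 * byte 1, so the first-word difference is exactly 256. Returns 1 when the
 * vulnerable check accepts it and the fixed check rejects it. */
int demo_single_bypass(void)
{
    unsigned char expected[TOKEN_LEN], wrong[TOKEN_LEN];
    memset(expected, 0x41, TOKEN_LEN);
    memcpy(wrong, expected, TOKEN_LEN);
    wrong[1] = 0x42;                 /* +1 in the 2^8 place of word 0 */

    int diff = word_memcmp(wrong, expected, TOKEN_LEN);
    int vuln_ok = check_scramble_vulnerable(wrong, expected) == 0;
    int fixed_ok = check_scramble_fixed(wrong, expected) == 0;
    return diff == 256 && vuln_ok && !fixed_ok;
}

/* Quantify the false-accept rate: enumerate every value of the first two bytes
 * of a wrong token (65,535 mismatching tokens against an all-zero expected
 * token) and count how many the given check lets through. The vulnerable
 * check accepts exactly those whose difference has a zero low byte: 255 of
 * 65,535, i.e. about 1 in 256, the rate quoted above. */
long count_false_accepts(my_bool (*check)(const unsigned char *, const unsigned char *))
{
    unsigned char expected[TOKEN_LEN] = {0}, wrong[TOKEN_LEN] = {0};
    long accepted = 0;
    for (unsigned v = 1; v < 0x10000; v++) {
        wrong[0] = (unsigned char)(v & 0xff);
        wrong[1] = (unsigned char)(v >> 8);
        if (check(wrong, expected) == 0)
            accepted++;
    }
    return accepted;
}

long vulnerable_false_accepts(void) { return count_false_accepts(check_scramble_vulnerable); }
long fixed_false_accepts(void)      { return count_false_accepts(check_scramble_fixed); }

int main(void)
{
    printf("crafted mismatch accepted by vulnerable check: %s\n",
           demo_single_bypass() ? "yes" : "no");
    printf("wrong tokens accepted out of 65535: vulnerable=%ld fixed=%ld\n",
           vulnerable_false_accepts(), fixed_false_accepts());
    return 0;
}
```

Build it with `cc -o memcmp_demo memcmp_demo.c` and run it. The defensive takeaway is the one the fix applies: never narrow the raw return value of memcmp() (or any comparison function whose contract only constrains the sign) into a smaller type; reduce it to a proper boolean with `!= 0` first. Whether a real build tripped over this depended on which memcmp() it was linked against, which is why the model above deliberately returns a wide difference.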

According to Sergei Golubchik, the affected versions are all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22.

For the detailed bug description and the patches, please visit SECLISTS.ORG. We hope that people running the MySQL/MariaDB versions mentioned above fix the bug as soon as possible.
