Authentication Bypass Vulnerability in MySQL

Discussion in 'Windows Desktop Systems' started by tdinc, Jul 10, 2004.

  1. tdinc

    VERSIONS AFFECTED

    * MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3)

    DESCRIPTION
    MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a remote user entirely bypass the MySQL password-authentication mechanism, so that the user can authenticate as a MySQL user without a password. By using a similar method, a stack buffer used in the authentication mechanism can be overflowed, although exploitation of the overflow isn't straightforward. By submitting a carefully crafted authentication packet, an attacker could bypass password authentication in MySQL 4.1. You can find more details about this vulnerability on the discoverer's Web site.



    VENDOR RESPONSE
    MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in MySQL 4.1.3.