Authentication Bypass Vulnerability in MySQL

tdinc

█▄█ ▀█▄ █
Political User
#1
VERSIONS AFFECTED

* MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3)

DESCRIPTION
MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a remote user entirely bypass the MySQL password-authentication mechanism, so that the user can authenticate as a MySQL user without a password. By using a similar method, a stack buffer used in the authentication mechanism can be overflowed, although exploitation of the overflow isn't straightforward. By submitting a carefully crafted authentication packet, an attacker could bypass password authentication in MySQL 4.1. You can find more details about this vulnerability on the discoverer's Web site.



VENDOR RESPONSE
MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in MySQL 4.1.3.here
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,971
Messages
673,299
Members
89,017
Latest member
soperyzoity