Authentication Bypass Vulnerability in MySQL

tdinc

OSNN Veteran Addict
Political Access
Joined
6 Dec 2003
Messages
3,508
VERSIONS AFFECTED

* MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3)

DESCRIPTION
MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a remote user entirely bypass the MySQL password-authentication mechanism, so that the user can authenticate as a MySQL user without a password. By using a similar method, a stack buffer used in the authentication mechanism can be overflowed, although exploitation of the overflow isn't straightforward. By submitting a carefully crafted authentication packet, an attacker could bypass password authentication in MySQL 4.1. You can find more details about this vulnerability on the discoverer's Web site.



VENDOR RESPONSE
MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in MySQL 4.1.3.here
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back