MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass

2004-07-01T08:28:10
ID OSVDB:7475
Type osvdb
Reporter Chris Anley (chris@ngssoftware.com)
Modified 2004-07-01T08:28:10

Description

Vulnerability Description

MySQL contains a flaw that may allow a malicious user to authenticate with the database without a password. The issue is triggered by a 4.1 protocol request with a zero-length password. The flaw may allow arbitrary SQL command execution, resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 4.1.3 or higher, which has been reported to fix this vulnerability. It is also possible to work around the flaw: rename the 'root' account and apply host-based login restrictions.

Note that the 4.0 series of the MySQL server is not affected and does not require an upgrade.
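The workaround above, written out as SQL for a 4.1 server. This is an added example, not part of the original advisory; the replacement account name 'dba_admin' and the local-only host policy are assumptions to adapt. It edits the grant tables directly because RENAME USER is not available before MySQL 5.0.2.

```sql
-- Added example. 'dba_admin' is a placeholder name and the
-- 'localhost'-only policy is an assumption; adjust both to your site.

-- 1. Confirm the server version. Per the advisory, 4.1.x below 4.1.3
--    needs the upgrade or the workaround; the 4.0 series does not.
SELECT VERSION();

-- 2. Audit which hosts each account may connect from. A Host of '%'
--    (or a pattern containing % or _) accepts remote logins.
--    Make sure a root@localhost row exists before running step 4,
--    otherwise step 4 removes every administrative row.
SELECT Host, User
FROM mysql.user
ORDER BY User, Host;

-- 3. Rename the 'root' account so the well-known name no longer exists.
UPDATE mysql.user
SET User = 'dba_admin'
WHERE User = 'root';

-- 4. Host-based restriction: keep the administrative account for
--    local logins only and drop its remote and wildcard entries.
DELETE FROM mysql.user
WHERE User = 'dba_admin'
  AND Host <> 'localhost';

-- 5. Reload the grant tables. Direct edits to mysql.user do not take
--    effect until this runs.
FLUSH PRIVILEGES;

-- 6. Verify: no 'root' rows remain, and 'dba_admin' appears only
--    with Host = 'localhost'.
SELECT Host, User
FROM mysql.user
WHERE User IN ('root', 'dba_admin');
```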


References:

Vendor URL: http://www.mysql.com
Secunia Advisory ID: 12020
Related OSVDB ID: 7476
Other Advisory URL: http://www.nextgenss.com/advisories/mysql-authbypass.txt
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0001.html
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html
Generic Informational URL: http://www.ngssoftware.com/papers/HackproofingMySQL.pdf
Generic Exploit URL: http://www.k-otik.com/exploits/07102004.mysql5_auth_bypass_zeropass.pl.php
CVE-2004-0627
CERT VU: 184030