MySQL Authentication Bypass Vulnerability
Bug #22412 reported by William Maddler
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mysql-dfsg-4.1 (Ubuntu) | Invalid | High | Martin Pitt |
Bug Description
from Security Focus advisory:
"MySQL is prone to a vulnerability that may permit remote clients to bypass
authentication.
This is due to a logic error in the server when handling client-supplied length
values for password strings.
Successful exploitation will yield unauthorized access to the database.
This issue is known to exist in MySQL 4.1 releases prior to 4.1.3 and MySQL 5.0."
MySQL 4.0.24 supplied with Ubuntu is prone to this vulnerability, as well as the
latest 4.1.14 downloadable from www.mysql.com
http://
(In reply to comment #0)
> MySQL 4.0.24 supplied with Ubuntu is prone to this vulnerability, as well as the
> latest 4.1.14 downloadable from www.mysql.com
I checked the 4.0.x sources, and it does not even contain the check_scramble_323() function where the actual flaw is in. Also, all advisories
mention that 4.1 onward is vulnerable, not 4.0. Upstream fixed it in 5.0 and
4.1, but there is no patch for 4.0.
So where did you learn that 4.0 is vulnerable? Did you run the exploit?
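
The advisory quoted in the bug description attributes the bypass to the server's handling of a client-supplied length for the password string. The C sketch below is an added example, not MySQL source and not code from this bug report: a simplified model of that class of logic error next to a hardened check. `SCRAMBLE_LEN`, both function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SCRAMBLE_LEN 8  /* assumed fixed response size for this model */

/* Constructed sample data: the response the server expects, and a wrong one. */
static const unsigned char EXPECTED[SCRAMBLE_LEN] = {0x4d,0x79,0x53,0x51,0x4c,0x21,0x07,0x2a};
static const unsigned char WRONG[SCRAMBLE_LEN]    = {0x00,0x79,0x53,0x51,0x4c,0x21,0x07,0x2a};

/* Weak model: the comparison covers only as many bytes as the client says
 * it sent, so the length field decides how much is verified. Returns 0 on match. */
int check_response_weak(const unsigned char *client, size_t client_len,
                        const unsigned char *expected)
{
    if (client_len > SCRAMBLE_LEN)
        return 1;
    for (size_t i = 0; i < client_len; i++)
        if (client[i] != expected[i])
            return 1;
    return 0;   /* also reached when client_len is 0: nothing was compared */
}

/* Hardened model: reject any length other than the expected one before
 * comparing, then compare every byte without an early exit. */
int check_response_strict(const unsigned char *client, size_t client_len,
                          const unsigned char *expected)
{
    unsigned char diff = 0;
    if (client_len != SCRAMBLE_LEN)
        return 1;
    for (size_t i = 0; i < SCRAMBLE_LEN; i++)
        diff |= (unsigned char)(client[i] ^ expected[i]);
    return diff != 0;
}

int main(void)
{
    printf("weak,   len 0: %d\n", check_response_weak(WRONG, 0, EXPECTED));
    printf("strict, len 0: %d\n", check_response_strict(WRONG, 0, EXPECTED));
    printf("strict, full : %d\n", check_response_strict(EXPECTED, SCRAMBLE_LEN, EXPECTED));
    return 0;
}
```

When auditing authentication code for this pattern, check that every comparison length comes from server-side state rather than from a field in the client's packet.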