• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MySQL Unauthenticated Remote Access Vulnerability

Solution:
Version 3.22.32 has been made available by the vendor at:
http://www.mysql.com/download_3.22.html
This version will fix the vulnerabilies outlined in this entry.
A fixed version of the 3.23.x tree (Alpha tree) will be available shortly.

FreeBSD has made fixed FreeBSD ports of mySQL available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/databases/mysql-server-3.22.32.tgz

An unsupported patch was provided with the vulnerability posting:

Change the routine 'check_scramble' in mysql-3.22.26a/sql/password.c to do a
length check, _before_ starting the compare.
This should be as easy as inserting the following just above the
while (*scrambled) loop:

if (strlen(scrambled)!=strlen(to)) {
return 1;
}

Additional security can be achieved by only allowing essential hosts the ability to connect to the database server.