MySQL Unauthenticated Remote Access Vulnerability

Solution:
Version 3.22.32 has been made available by the vendor at:
http://www.mysql.com/download_3.22.html
This version will fix the vulnerabilies outlined in this entry.
A fixed version of the 3.23.x tree (Alpha tree) will be available shortly.

FreeBSD has made fixed FreeBSD ports of mySQL available at:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/databases/mysql-server-3.22.32.tgz

An unsupported patch was provided with the vulnerability posting:

Change the routine 'check_scramble' in mysql-3.22.26a/sql/password.c to do a
length check, _before_ starting the compare.
This should be as easy as inserting the following just above the
while (*scrambled) loop:

if (strlen(scrambled)!=strlen(to)) {
return 1;
}

Additional security can be achieved by only allowing essential hosts the ability to connect to the database server.



 

Privacy Statement
Copyright 2010, SecurityFocus