| VID | 25034 |
| Severity | 40 |
| Port | 3306 |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The MySQL server is vulnerable to an authentication bypass through a zero-length password. MySQL 4.1 versions prior to 4.1.3 and MySQL 5.0 have an authentication bypass vulnerability caused by improper handling of client-supplied length values for password strings. By supplying a specially crafted authentication packet, a remote attacker could bypass the MySQL password authentication mechanism and authenticate as a MySQL user without knowing that user's password. To successfully exploit this vulnerability, a remote attacker must know at least the username of the user to authenticate as, and must be allowed to connect to the remote MySQL server from the scanning IP address.
* Note: If this check solely relied on the version number of the remote MySQL server to assess this vulnerability, then this might be a false positive.
* References: http://www.ngssoftware.com/papers/HackproofingMySQL.pdf http://www.nextgenss.com/advisories/mysql-authbypass.txt http://www.securiteam.com/unixfocus/5BP0420DFQ.html
* Platforms Affected: MySQL 4.1 prior to 4.1.3; MySQL 5.0; Unix, Linux (any version); Windows (any version) |
| Recommendation | Upgrade to MySQL 4.1.3 or to the most recent build of 5.0, which fix this issue. They are available from the MySQL web site at http://dev.mysql.com/downloads/mysql/4.1.html
For a workaround, see the paper "Hackproofing MySQL", released by NGSSoftware, at http://www.ngssoftware.com/papers/HackproofingMySQL.pdf |
| Related URL | CVE-2004-0627 (CVE) |
| Related URL | 10654 (SecurityFocus) |
| Related URL | (ISS) |