Skip to main content
 Web开发网 » 数据库教程

Mysql身份认证漏洞,请站长尽快升级更新Mysql

2021年08月11日6530百度已收录

  近期MySQL爆出一个Mysql身份认证漏洞(CVE-2012-2122),

  受影响的Mysql版本:< v5.1.63 、< v5.5.24、< v5.6.6 。为了保障你的数据库安全,

  请站长们确认你的Mysql版本并尽快升级更新Mysql至最新版本或联系空间商更新。

  

  Security vulnerability in MySQL/MariaDB sql/password.cFrom:Sergei Golubchik <serg () montyprogram com>

  Date:Sat, 9 Jun 2012 17:30:38 +0200

  Hi

  We have recently found a serious security bug in MariaDB and MySQL.

  So, here, we’d like to let you know about what the issue and its impact

  is. At the end you can find a patch, in case you need to patch an older

  unsuported MySQL version.

  All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are

  vulnerable.

  MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.

  MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

  This issue got assigned an id CVE-2012-2122.

  Here’s the issue. When a user connects to MariaDB/MySQL, a token (SHA

  over a password and a random scramble string) is calculated and compared

  with the expected value. Because of incorrect casting, it might’ve

  happened that the token and the expected value were considered equal,

  even if the memcmp() returned a non-zero value. In this case

  MySQL/MariaDB would think that the password is correct, even while it is

  not. Because the protocol uses randomstrings, the probability of

  hitting this bug is about 1/256.

  Which means, if one knows a user name to connect (and “root” almost

  always exists), she can connect using *any* password by repeating

  connection attempts. ~300 attempts takes only a fraction of second, so

  basically account password protection is as good as nonexistent.

  Any client will do, there’s no need for a special libmysqlclient library.

  But practically it’s better than it looks – many MySQL/MariaDB builds

  are not affected by this bug.

  Whether a particular build of MySQL or MariaDB is vulnerable, depends on

  how and where it was built. A prerequisite is a memcmp() that can return

  an arbitrary integer (outside of -128..127 range). To my knowledge gcc

  builtin memcmp is safe, BSD libc memcmp is safe. Linux glibc

  sse-optimized memcmp is not safe, but gcc usually uses the inlined

  builtin version.

  As far as I know, official vendor MySQL and MariaDB binaries are not

  vulnerable.

  Regards,

  Sergei Golubchik

  MariaDB Security Coordinator

  References:

  MariaDB bug report:

  MariaDB fix:

  MySQL bug report:

  MySQL fix:

  MySQL changelog:

  

  

  对大家有帮助请关注 科技博客:

评论列表暂无评论
发表评论
微信