Security vulnerability in MySQL/MariaDB


A vulnerability has been identified in MySQL and MariaDB.

Basically, under specific conditions an attacker can provide any password and it will be accepted.

The affected source file is password.c.

You can find a more detailed explanation and a fix here:

http://seclists.org/oss-sec/2012/q2/493

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.
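
To triage an inventory against the version lists above, the following is an added example (not code from MySQL, MariaDB or the linked post). It assumes MariaDB builds include "MariaDB" in their version string, treats each boundary as applying per release branch, and reports anything the lists do not cover as "unlisted"; host names and version strings are constructed.

```python
import re

# Boundaries copied from the version lists above, keyed by (major, minor) branch.
LAST_VULNERABLE = {(5, 1): 61, (5, 2): 11, (5, 3): 5, (5, 5): 22}
FIRST_FIXED = {
    "mariadb": {(5, 1): 62, (5, 2): 12, (5, 3): 6, (5, 5): 23},
    "mysql": {(5, 1): 63, (5, 5): 24, (5, 6): 6},
}


def classify(version_string):
    """Return (flavour, status); status is 'vulnerable', 'fixed' or 'unlisted'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    major, minor, patch = map(int, m.groups())
    # Assumption: MariaDB builds carry "MariaDB" in the version string.
    flavour = "mariadb" if "mariadb" in version_string.lower() else "mysql"
    branch = (major, minor)
    fixed_from = FIRST_FIXED[flavour].get(branch)
    if fixed_from is not None and patch >= fixed_from:
        return flavour, "fixed"
    last_bad = LAST_VULNERABLE.get(branch)
    if last_bad is not None and patch <= last_bad:
        return flavour, "vulnerable"
    # Branch or patch level falls in a gap the lists do not cover.
    return flavour, "unlisted"


def triage(inventory):
    """Group hosts by status so 'vulnerable' and 'unlisted' can be reviewed first."""
    groups = {"vulnerable": [], "fixed": [], "unlisted": []}
    for host, version_string in sorted(inventory.items()):
        groups[classify(version_string)[1]].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a": "5.5.22-MariaDB-log",
    "db-b": "5.5.23-MariaDB",
    "db-c": "5.1.63-0ubuntu0.10.04.1",
    "db-d": "5.5.23",
    "db-e": "5.6.6-m9",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unlisted" (for example MySQL 5.5.23, which sits between the two lists) need a manual check against the vendor's release notes.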

If you know a username (root in most cases), a situation arises where, if you connect approximately 250 to 300 times, MySQL will allow you to connect without any password.
