Monday, June 11, 2012

MySql Authentication Bypass Exploit

Dave Kennedy - There has been a new MYSQL authentication bypass exploit released on seclist here: . It is absolutely trivial to gain root access to a MySQL database at this point. Thanks to jduck for the tweet bringing this to our attention.

 HD Moore  - A Tragically Comedic Security Flaw in MySQL

and there is more info about this bug :

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.