Monday, June 11, 2012

MySql Authentication Bypass Exploit

Dave Kennedy - There has been a new MYSQL authentication bypass exploit released on seclist here: . It is absolutely trivial to gain root access to a MySQL database at this point. Thanks to jduck for the tweet bringing this to our attention. 


 https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/

 HD Moore  - A Tragically Comedic Security Flaw in MySQL

and there is more info about this bug : http://seclists.org/oss-sec/2012/q2/493


All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.