November 15, 2018

CamSA12-10: Critical Vulnerability in MySQL and MariaDB

I. Overview 

A critical vulnerability has been reported in the MySQL and MariaDB database servers. It can be exploited to allow a remote attacker to connect using any password by repeating connection attempts.

This vulnerability exists in the way the authentication token is checked. A token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Due to incorrect casting, the token and the expected value could be considered equal even if memcmp() returned a non-zero value. In this case MySQL and MariaDB would treat the password as correct even though it is not. Because the protocol uses random strings, the probability of hitting this bug is about 1/256.
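The casting flaw described above, as an added example that is not code from MySQL, MariaDB or this advisory. It assumes the `int` returned by memcmp() is narrowed to a one-byte boolean; the names `one_byte_bool`, `check_narrowed`, `check_fixed`, `count_false_matches` and `token_matches` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a one-byte boolean standing in for the server's return type. */
typedef unsigned char one_byte_bool;

/* Flawed pattern: the int from memcmp() is narrowed to one byte.
 * Any non-zero result whose low 8 bits are zero becomes 0 ("equal"). */
one_byte_bool check_narrowed(int cmp_result) {
    return (one_byte_bool)cmp_result;
}

/* Corrected pattern: collapse to 0/1 first, so no information is lost. */
one_byte_bool check_fixed(int cmp_result) {
    return (one_byte_bool)(cmp_result != 0);
}

/* Count non-zero comparison results in [-limit, limit] that a check
 * wrongly reports as a match (return value 0). */
int count_false_matches(one_byte_bool (*check)(int), int limit) {
    int n = 0;
    for (int r = -limit; r <= limit; r++)
        if (r != 0 && check(r) == 0)
            n++;
    return n;
}

/* Token comparison using the corrected check; returns 1 on match. */
int token_matches(const unsigned char *a, const unsigned char *b, size_t len) {
    return check_fixed(memcmp(a, b, len)) == 0;
}

int main(void) {
    /* Constructed sample tokens, not real scramble output. */
    const unsigned char expected[4] = {0x10, 0x20, 0x30, 0x40};
    const unsigned char wrong[4]    = {0x10, 0x20, 0x30, 0x41};
    /* The C standard fixes only the sign of memcmp()'s result, so a value
     * such as 256 is a legal "not equal" answer. */
    printf("narrowed(256) = %d, fixed(256) = %d\n",
           check_narrowed(256), check_fixed(256));
    printf("false matches in +/-1024: narrowed=%d fixed=%d\n",
           count_false_matches(check_narrowed, 1024),
           count_false_matches(check_fixed, 1024));
    printf("wrong token accepted by fixed check: %d\n",
           token_matches(expected, wrong, 4));
    return 0;
}
```

Of the 2048 non-zero values scanned, 8 are misread as a match by the narrowed check, which is the 1/256 rate given above; the corrected check misreads none.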

II. Affected Systems

– All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.

– MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not vulnerable.

– MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not vulnerable.

III. Solutions

CamCERT recommends that system administrators of these applications upgrade to the latest version via the package manager or an official update. The official update can be obtained from the following URLs:

– MySQL: http://www.mysql.com/downloads/

– MariaDB: http://downloads.mariadb.org/mariadb/

IV. Contact Information

– Email: office@camcert.gov.kh

– Tel: (855) 92 335 536 – (855) 16 888 209

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.