Reported July 01, 2004, by NGS Software, Ltd.
VERSIONS AFFECTED
DESCRIPTION
MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a
remote user entirely bypass the MySQL password-authentication mechanism, so
that the user can authenticate as a MySQL user without a password. By using a
similar method, a stack buffer used in the authentication mechanism can be
overflowed, although exploitation of the overflow isn't straightforward. By
submitting a carefully crafted authentication packet, an attacker could bypass
password authentication in MySQL 4.1. You can find more details about this
vulnerability on the discoverer's Web site.
VENDOR RESPONSE
MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in
MySQL 4.1.3.
CREDIT
Discovered by NGS Software, Ltd.