Bug 1534139 - (CVE-2018-2703) CVE-2018-2703 mysql: sha256_password authentication DoS via hash with large rounds value
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Platform: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20180116,repor...
Keywords: Security
Depends On: 1533831 1533832 1533833 1533834 1535520
Blocks: 1509486 1535524
Reported: 2018-01-13 08:19 EST by Tomas Hoger
Modified: 2018-04-11 13:10 EDT

Fixed In Version: mysql 5.6.39, mysql 5.7.21
Last Closed: 2018-03-26 07:30:37 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0586 None None None 2018-03-26 06:15 EDT
Red Hat Product Errata RHSA-2018:0587 None None None 2018-03-26 06:03 EDT

Description Tomas Hoger 2018-01-13 08:19:32 EST
MySQL's sha256_password authentication plugin uses the SHA256 crypt password hashing algorithm as defined in:

https://www.akkadia.org/drepper/SHA-crypt.txt

to hash user passwords for storage.  This algorithm makes it possible to adjust how expensive it is to compute a password hash by adjusting the number of "rounds" of hashing.  The number of rounds is stored as part of the password hash.  The algorithm specification also defines the minimum and maximum number of rounds that can be used.  It was previously identified that the maximum number is rather high and causes hash computation to take an excessive amount of time:

https://sourceware.org/bugzilla/show_bug.cgi?id=20616

However, this problem is only relevant if a user can set their password in a system using SHA256 crypt by directly providing a malicious hash, and does not affect the use case where users can only provide plain text passwords with hashing done by the system.

In MySQL 5.6, users with SQL access can set their password by directly providing a password hash using: SET PASSWORD = '<hash>';  In MySQL 5.7, the <hash> string is considered to be a plain text password and is hashed again by the MySQL server.  Refer to the 'SET PASSWORD' syntax description in the MySQL 5.6 and 5.7 documentation:

https://dev.mysql.com/doc/refman/5.6/en/set-password.html
https://dev.mysql.com/doc/refman/5.7/en/set-password.html

Therefore, in MySQL 5.6 a user with SQL access can set a password hash with many rounds for their account.  Any subsequent attempt to authenticate to that account will cause the MySQL server to use an excessive amount of CPU.
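As an added defender-side example (not part of this bug report or of MySQL's code), the following Python parses SHA256-crypt hash strings of the form `$5$rounds=N$salt$digest`, applies the clamping of the rounds value that the SHA-crypt specification describes, and audits constructed `mysql.user`-style rows for hashes whose effective rounds exceed a local policy cap. The cap value (`POLICY_MAX_ROUNDS`), the sample rows and their digests are assumptions, not values from the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Limits defined by the SHA-crypt specification (Drepper, SHA-crypt.txt).
ROUNDS_MIN = 1000
ROUNDS_MAX = 999_999_999
ROUNDS_DEFAULT = 5000          # used when no "rounds=" field is present

# Hypothetical local policy cap; the upstream fix caps rounds, but the
# exact value is not stated in this report, so this is an assumption.
POLICY_MAX_ROUNDS = 5000

# SHA256-crypt uses a custom base64 alphabet; the digest is always 43 chars.
_B64 = r"./0-9A-Za-z"
_HASH_RE = re.compile(
    r"^\$5\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[" + _B64 + r"]{0,16})\$(?P<digest>[" + _B64 + r"]{43})$"
)


@dataclass
class ParsedHash:
    rounds_requested: Optional[int]  # None when the hash carries no rounds= field
    rounds_effective: int            # after the specification's clamping
    salt: str


def parse_sha256_crypt(hash_str: str) -> ParsedHash:
    """Parse a $5$ hash and compute the rounds the verifier would really run."""
    m = _HASH_RE.match(hash_str)
    if not m:
        raise ValueError("not a well-formed SHA256-crypt hash")
    r = m.group("rounds")
    requested = int(r) if r is not None else None
    # Spec: missing -> default; present -> clamp into [ROUNDS_MIN, ROUNDS_MAX].
    effective = ROUNDS_DEFAULT if requested is None else min(max(requested, ROUNDS_MIN), ROUNDS_MAX)
    return ParsedHash(requested, effective, m.group("salt"))


def audit_user_rows(rows: List[Tuple[str, str, str]], max_rounds: int = POLICY_MAX_ROUNDS):
    """Flag (user, host) rows whose stored hash would cost more than the policy allows."""
    findings = []
    for user, host, auth in rows:
        if not auth.startswith("$5$"):      # other plugins (e.g. mysql_native_password) are out of scope
            continue
        try:
            p = parse_sha256_crypt(auth)
        except ValueError:
            findings.append((user, host, "malformed sha256_password hash"))
            continue
        if p.rounds_effective > max_rounds:
            cost = p.rounds_effective / ROUNDS_DEFAULT   # work relative to the default
            findings.append((user, host, f"rounds={p.rounds_effective} (~{cost:.0f}x default cost)"))
    return findings


# Constructed sample rows in the shape of mysql.user (user, host, authentication_string).
SAMPLE_ROWS = [
    ("app", "localhost", "$5$" + "s" * 16 + "$" + "A" * 43),
    ("report", "%", "$5$rounds=5000$" + "s" * 8 + "$" + "B" * 43),
    ("evil", "%", "$5$rounds=999999999$" + "s" * 8 + "$" + "C" * 43),
    ("legacy", "localhost", "*" + "0" * 40),
]

if __name__ == "__main__":
    for finding in audit_user_rows(SAMPLE_ROWS):
        print(finding)
```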
Comment 1 Tomas Hoger 2018-01-13 08:19:35 EST
Acknowledgments:

Name: Red Hat Product Security
Comment 4 Tomas Hoger 2018-01-15 15:32:24 EST
This issue was fixed in MySQL 5.6.39 and 5.7.21:

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html

  Incompatible Change: Passwords are now restricted to a maximum of 256
  characters for the sha256_password authentication plugin, and for the
  PASSWORD() function when old_passwords=2. Also, the number of password
  hashing rounds is capped to limit CPU time used. (Bug #27099029,
  Bug #27194270)

Upstream commit:

https://github.com/mysql/mysql-server/commit/efb4087cfe12134e1541b39ee9a4305f7cd225f5
Comment 5 Tomas Hoger 2018-01-16 17:11:59 EST
This is now also public via Oracle CPU January 2018:

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
Comment 7 errata-xmlrpc 2018-03-26 06:03:31 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:0587
Comment 8 errata-xmlrpc 2018-03-26 06:14:57 EDT
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0586
