发布时间 :2000-02-08 00:00:00
修订时间 :2008-09-10 15:03:06

[原文]MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.


        MySQL 3.22版本存在漏洞。远程攻击者借助简短检查字符串可以绕过密码认证并访问数据库。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mysql:mysql:3.23.8MySQL MySQL 3.23.8
cpe:/a:mysql:mysql:3.22.27MySQL MySQL 3.22.27
cpe:/a:mysql:mysql:3.22.30MySQL MySQL 3.22.30
cpe:/a:mysql:mysql:3.22.29MySQL MySQL 3.22.29
cpe:/a:mysql:mysql:3.22.26MySQL MySQL 3.22.26
cpe:/a:mysql:mysql:3.23.9MySQL MySQL 3.23.9
cpe:/a:mysql:mysql:3.23.10MySQL MySQL 3.23.10

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20000208 Remote access vulnerability in all MySQL server versions

- 漏洞信息

高危 访问验证错误
2000-02-08 00:00:00 2006-09-21 00:00:00
        MySQL 3.22版本存在漏洞。远程攻击者借助简短检查字符串可以绕过密码认证并访问数据库。

- 公告与补丁

        Version 3.22.32 has been made available by the vendor at:
         This version will fix the vulnerabilies outlined in this entry.
         A fixed version of the 3.23.x tree (Alpha tree) will be available shortly.
        FreeBSD has made fixed FreeBSD ports of mySQL available at:
        An unsupported patch was provided with the vulnerability posting:
        Change the routine 'check_scramble' in mysql-3.22.26a/sql/password.c to do a
        length check, _before_ starting the compare.
        This should be as easy as inserting the following just above the
        while (*scrambled) loop:
        if (strlen(scrambled)!=strlen(to)) {
         return 1;
        Additional security can be achieved by only allowing essential hosts the ability to connect to the database server.

- 漏洞信息

MySQL Short Check String Authentication Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-02-08 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 3.22.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete