MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

It is possible to bypass authentication on the remote database
service.

Description :

A bug in the version of MySQL running on the remote host allows a
remote attacker to bypass the password authentication mechanism using
a specially crafted packet with a zero-length scramble buff string.

An attacker with knowledge of an existing account defined to the
affected service can leverage this vulnerability to bypass
authentication and gain full access to that account.

See also :

http://archives.neohapsis.com/archives/bugtraq/2004-07/0038.html
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-3.html

Solution :

Upgrade to MySQL 4.1.3 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17690 ()

Bugtraq ID: 10654

CVE ID: CVE-2004-0627

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial