# MySQL vulnerability allows attackers to bypass password verification



## frijsdijk (Jun 13, 2012)

Ref:

http://www.csoonline.com/article/70...ows-attackers-to-bypass-password-verification
http://seclists.org/nmap-dev/2012/q2/679

Question: can anyone confirm that FreeBSD is not vulnerable to this bug?


----------



## kpa (Jun 13, 2012)

Look at the version numbers of MySQL server ports in the ports tree and compare them to the version numbers in the linked articles...


----------



## Anonymous (Jun 13, 2012)

frijsdijk said:
			
		

> Ref:
> 
> http://www.csoonline.com/article/70...ows-attackers-to-bypass-password-verification
> http://seclists.org/nmap-dev/2012/q2/679
> ...



According to an article on The H, this is a problem of the memcmp() function in the SSE-optimised glibc of several Linux distributions, and the article tells further that "the GCC built in memcmp and BSD libc memcmp are safe".

The German counterpart of said article on Heise-Online provides a simple terminal command to check for the vulnerability on localhost:

`$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done`

If this comes up with the mysql prompt, then the server is vulnerable. You may want to change the -u and -h options for checking other users/servers.

Best regards

Rolf


----------

