CVE-2012-5615 security bug
Bug #1171941 reported by
Martin Arrieta
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Percona Server moved to https://jira.percona.com/projects/PS |
Fix Released
|
High
|
Sergei Glushchenko | ||
| 5.1 |
Invalid
|
High
|
Sergei Glushchenko | ||
| 5.5 |
Fix Released
|
High
|
Sergei Glushchenko | ||
| 5.6 |
Fix Released
|
High
|
Sergei Glushchenko | ||
Bug Description
During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".
This allows to detect what user accounts exists in the server.
Tested on 5.5.30-30.2 Percona Server (GPL), Release rel30.2, Revision 508
[root@textbox ~]# perl mysql_userenum.pl localhost wordlist
[*] HIT! -- USER EXISTS: pepe@localhost
More information:
http://
https:/
Related branches
lp://staging/~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.5
- Laurynas Biveinis (community): Approve
-
Diff: 758 lines (+357/-171)11 files modifiedPercona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0)
Percona-Server/sql/sql_acl.cc (+48/-6)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+18/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
lp://staging/~sergei.glushchenko/percona-server/CVE-2012-5627-bug1172090-5.6
- Laurynas Biveinis (community): Approve
-
Diff: 758 lines (+357/-171)11 files modifiedPercona-Server/client/mysqltest.cc (+4/-1)
Percona-Server/mysql-test/r/change_user_notembedded.result (+5/-0)
Percona-Server/mysql-test/r/failed_auth_3909.result (+20/-0)
Percona-Server/mysql-test/r/mysqltest.result (+3/-3)
Percona-Server/mysql-test/t/change_user_notembedded.test (+24/-0)
Percona-Server/mysql-test/t/failed_auth_3909.test (+37/-0)
Percona-Server/sql/sql_acl.cc (+48/-6)
Percona-Server/sql/sql_class.cc (+1/-0)
Percona-Server/sql/sql_class.h (+1/-0)
Percona-Server/sql/sql_parse.cc (+18/-1)
Percona-Server/tests/mysql_client_test.c (+196/-160)
CVE References
| information type: | Private Security → Public |
| tags: | added: security |
Revision history for this message
| Laurynas Biveinis (laurynas-biveinis) wrote | #1 |
| information type: | Public → Public Security |
Revision history for this message
| Shahriyar Rzayev (rzayev-sehriyar) wrote | #2 |
To post a comment you must log in.
Oracle fix in 5.5.39 ?
$ bzr log -r 4676
-------
revno: 4676
tags: clone-5.5.39-build
committer: Venkata Sidagam <email address hidden>
branch nick: 5.5
timestamp: Mon 2014-06-30 19:24:25 +0530
message:
Bug #17357528 BACKPORT BUG#16513435 TO 5.5 AND 5.6
Description: Backporting BUG#16513435 to 5.5 and 5.6
This is a fix for REMOTE PREAUTH USER ENUMERATION FLAW bug