Hi Christian! Christian Hammers [2005-09-26 15:34 +0200]: > Hello Martin > > On 2005-09-26 Martin Pitt wrote: > > MySQL 4.1 and 5.0 are prone to an authentication bypass: > > http://www.nextgenss.com/advisories/mysql-authbypass.txt > > 4.0 seems to be unaffected. There is no CAN number yet. > > Thanks for notifying. > > I woudn't rely on 4.0 beeing unaffected as MySQL did not care > about "outdated" versions in the past.
I did a shallow review of the vuln before filing the bug. The root of the problem seems to be in the check_scramble_323(), which is not present at all in 4.0. However, actually trying the exploit in 4.0 wouldn't hurt :-) Thanks, Martin P.S. Did I mention that I hate the mysql BK? I failed again to locate the patch in mysql.bkbits.com... -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
