Reported July 01, 2004, by NGS Software, Ltd.

VERSIONS AFFECTED

  • MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3)  

DESCRIPTION
MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a remote user entirely bypass the MySQL password-authentication mechanism, so that the user can authenticate as a MySQL user without a password. By using a similar method, a stack buffer used in the authentication mechanism can be overflowed, although exploitation of the overflow isn't straightforward. By submitting a carefully crafted authentication packet, an attacker could bypass password authentication in MySQL 4.1. You can find more details about this vulnerability on the discoverer's Web site.
 

VENDOR RESPONSE
MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in MySQL 4.1.3.

CREDIT
Discovered by NGS Software, Ltd.