Reported July 01, 2004, by NGS Software, Ltd.


  • MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3)  

MySQL AB's MySQL 5.0 and MySQL 4.1 (prior to 4.1.3) contain a bug that lets a remote user entirely bypass the MySQL password-authentication mechanism, so that the user can authenticate as a MySQL user without a password. By using a similar method, a stack buffer used in the authentication mechanism can be overflowed, although exploitation of the overflow isn't straightforward. By submitting a carefully crafted authentication packet, an attacker could bypass password authentication in MySQL 4.1. You can find more details about this vulnerability on the discoverer's Web site.

MySQL AB has fixed this bug in the most recent builds of MySQL 5.0 and in MySQL 4.1.3.

Discovered by NGS Software, Ltd.