#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#
if(description)
{
script_id(10343);
script_cve_id("CVE-2000-0148");
name["english"] = "MySQLs accepts any password";
name["francais"] = "MySQLs accepte n'importe quel mot de passe";
script_name(english:name["english"], francais:name["francais"]);
desc["english"] = "
You are running a version of MySQL which is
older than (or as old as) version 3.22.29.
If you have not patched this version, then
any attacker who knows a valid username can
access your tables without having to enter any
valid password.
Risk factor : High
Solution : Upgrade to a newer version, or
edit the file mysql-xxx/sql/password.c, and
search for the 'while(*scrambled)' loop. In front
of it, add : 'if(strlen(scrambled) != strlen(to))return 1'";
desc["francais"] = "
Vous faites tourner une version de MySQL
plus ancienne ou égale à la version 3.22.29.
Cette version est vulnérable à un problème de
vérification de mot de passe qui permet à
n'importe quel pirate connaissant un nom d'utilisateur
valide d'accéder à vos tables.
Facteur de risque : Elevé
Solution : Mettez votre version à jour,
ou bien patchez le fichier mysql-xxx/sql/password.c :
- cherchez la boucle 'while(*scrambled)'
- ajoutez devant :
if(strlen(scrambled)!=strlen(to))return 1
";
script_description(english:desc["english"], francais:desc["francais"]);
summary["english"] = "Checks for the remote MySQL version";
summary["francais"] = "Vérifie la version de MySQL";
script_summary(english:summary["english"], francais:summary["francais"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
francais:"Ce script est Copyright (C) 2000 Renaud Deraison");
family["english"] = "Remote file access";
family["francais"] = "Accès aux fichiers distants";
script_family(english:family["english"], francais:family["francais"]);
script_dependencie("find_service.nes");
script_require_ports("Services/mysql", 3306);
exit(0);
}
#
# The script code starts here
#
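port = get_kb_item("Services/mysql");
if(!port)port = 3306;
if(get_port_state(port))
{
 soc = open_sock_tcp(port);
 if(soc)
 {
  # The greeting starts with a 4-byte packet header and a 1-byte protocol
  # version, then the version string; 10 bytes would cut "3.22.xx" short.
  r = recv(socket:soc, length:16);
  # Flag 3.0.x through 3.21.x, and 3.22.0 through 3.22.29 (not 3.22.30+)
  if(ereg(pattern:"3\.(([01]?[0-9]|2[01])\.|22\.[012]?[0-9]([^0-9]|$))", string:r))security_hole(port);
  close(soc);
 }
}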
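
The version check above, as an added Python example (not part of the original Nessus script): it parses a MySQL greeting packet and flags versions up to 3.22.29 by numeric comparison instead of a pattern match. The framing (3-byte length, sequence byte, protocol byte, NUL-terminated version) is the standard MySQL handshake layout; `build_greeting` and its sample bytes are constructed for illustration.

```python
import re
import struct

LAST_FLAGGED = (3, 22, 29)  # the script flags this version and anything older


def parse_greeting(packet: bytes) -> str:
    """Return the server version string from a MySQL greeting packet."""
    if len(packet) < 6:
        raise ValueError("greeting too short")
    payload_len = int.from_bytes(packet[0:3], "little")  # 3-byte payload length
    payload = packet[4:4 + payload_len]                  # packet[3] is the sequence id
    if payload[0] == 0xFF:
        raise ValueError("server sent an error packet, not a greeting")
    end = payload.find(b"\x00", 1)                       # version is NUL-terminated
    if end == -1:
        # A short read would otherwise turn "3.22.29" into "3.22." or "3.22.2"
        raise ValueError("version string truncated, read more bytes")
    return payload[1:end].decode("ascii", "replace")


def version_tuple(banner: str) -> tuple:
    """Turn '3.22.29-log' into (3, 22, 29); suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return tuple(int(part) for part in m.groups())


def is_flagged(packet: bytes) -> bool:
    """True when the greeting announces a version <= 3.22.29."""
    return version_tuple(parse_greeting(packet)) <= LAST_FLAGGED


def build_greeting(version: str) -> bytes:
    """Constructed sample greeting: protocol 10, thread id 7, dummy salt."""
    payload = (b"\x0a" + version.encode("ascii") + b"\x00"
               + struct.pack("<I", 7) + b"abcdefgh\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    for v in ("3.21.33b", "3.22.3", "3.22.29", "3.22.30", "3.23.10-log"):
        print(v, "flagged" if is_flagged(build_greeting(v)) else "not flagged")
```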