File: mysql_bad_password.nasl

#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#

if(description)
{
 # Registration block: identifiers, localized title / report text,
 # category and the service dependency the check needs.
 script_id(10343);
 script_cve_id("CVE-2000-0148");

 # Plugin title, English and French.
 title["english"] = "MySQLs accepts any password";
 title["francais"] = "MySQLs accepte n'importe quel mot de passe";
 script_name(english:title["english"], francais:title["francais"]);

 # Report text shown to the user when the check fires.
 report["english"] = "
You are running a version of MySQL which is 
older than (or as old as) version 3.22.29

If you have not patched this version, then
any attacker who knows a valid username can
access your tables without having to enter any
valid password.

Risk factor : High
Solution : Upgrade to a newer version, or
edit the file mysql-xxx/sql/password.c, and
search for the 'while(*scrambled)' loop. In front
of it, add : 'if(strlen(scrambled) != strlen(to))return 1'";

 report["francais"] = "
Vous faites tourner une version de MySQL
plus ancienne ou gale  la version 3.22.29.

Cette version est vulnrable  un problme de
vrification de mot de passe qui permet 
n'importe quel pirate connaissant un nom d'utilisateur
valide d'accder  vos tables.


Facteur de risque : Elev
Solution : Mettez votre version  jour,
ou bien patchez le fichier  mysql-xxx/sql/password.c :
	- cherchez la boucle 'while(*scrambled)'
	- ajoutez devant :
		if(strlen(scrambled)!=strlen(to))return 1
";
 script_description(english:report["english"], francais:report["francais"]);

 # One-line summary used in plugin listings.
 brief["english"] = "Checks for the remote MySQL version";
 brief["francais"] = "Vrifie la version de MySQL";
 script_summary(english:brief["english"], francais:brief["francais"]);

 # Banner check only: nothing is sent to the server.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison", francais:"Ce script est Copyright (C) 2000 Renaud Deraison");

 fam["english"] = "Remote file access";
 fam["francais"] = "Accs aux fichiers distants";
 script_family(english:fam["english"], francais:fam["francais"]);

 # The port is taken from the KB entry that find_service.nes fills in.
 script_dependencie("find_service.nes");
 script_require_ports("Services/mysql", 3306);
 exit(0);
}

#
# The script code starts here
#


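# Port to probe: the MySQL service recorded by find_service.nes,
# falling back to the default MySQL port.
port = get_kb_item("Services/mysql");
if(!port)port = 3306;

if(get_port_state(port))
{
 soc = open_sock_tcp(port);
 if(soc)
 {
  # The server greeting starts with a 4-byte packet header and a
  # 1-byte protocol version, so the NUL-terminated server version
  # string only begins at offset 5. Reading 10 bytes left just "3.22."
  # of the version, so the 3.22.x branch of the old pattern could never
  # match; read enough of the greeting to see the whole version string
  # (recv may wait for the socket timeout if the greeting is shorter).
  r = recv(socket:soc, length:64);
  close(soc);
  if(r)
  {
   # Flag 3.0 - 3.21 (any release) and 3.22.0 - 3.22.29, as the report
   # text states. Both alternatives now require the leading "3."; the
   # old pattern's second alternative was not tied to it, so any banner
   # containing "22.0", "22.1" or "22.2" matched, and single-digit
   # 3.22.3 - 3.22.9 as well as 3.20.x / 3.21.x were missed.
   if(ereg(pattern:"3\.(([0-9]|1[0-9]|2[01])\.|22\.([0-9]|[012][0-9])([^0-9]|$))", string:r))security_hole(port);
  }
 }
}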