A remote overflow exists in MySQL. The MySQL server fails to check the length of a scrambled password used by the 4.1 authentication protocol resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): rename the 'root' account and apply host based login restrictions.

Note that the 4.0 series of the MySQL server is not affected and does not require an upgrade.

• Secunia Advisory ID: 12020
• ISS X-Force ID: 16612
• CVE ID: 2004-0628 (see also: NVD)
• CERT VU: 645326
• Related OSVDB ID: 7475
• Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0001.html
• Vendor URL: http://www.mysql.com
• Other Advisory URL: http://www.nextgenss.com/advisories/mysql-authbypass.txt
• Generic Informational URL: http://www.ngssoftware.com/papers/HackproofingMySQL.pdf

• Chris Anley - NGS Software