-
Notifications
You must be signed in to change notification settings - Fork 444
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MYSQL-266: CVE-2012-5627: Reuse of salt during change_user
This is a port of Percona fix for the vulnerability.
- Loading branch information
1 parent
9d4e93f
commit 4f5727e
Showing
11 changed files
with
269 additions
and
83 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) | ||
ERROR 28000: Access denied for user 'foo'@'localhost' (using password: NO) | ||
ERROR 28000: Access denied for user 'foo'@'localhost' (using password: YES) | ||
ERROR 08S01: Unknown command | ||
ERROR 08S01: Unknown command |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
optimize table mysql.user; | ||
Table Op Msg_type Msg_text | ||
mysql.user optimize status OK | ||
insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); | ||
Warnings: | ||
Warning 1364 Field 'ssl_cipher' doesn't have a default value | ||
Warning 1364 Field 'x509_issuer' doesn't have a default value | ||
Warning 1364 Field 'x509_subject' doesn't have a default value | ||
flush privileges; | ||
connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); | ||
ERROR HY000: Plugin 'bar' is not loaded | ||
connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET); | ||
ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) | ||
connect(localhost,u2,password,test,MASTER_PORT,MASTER_SOCKET); | ||
ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) | ||
ERROR HY000: Plugin 'bar' is not loaded | ||
ERROR 28000: Access denied for user 'u2'@'localhost' (using password: NO) | ||
ERROR 28000: Access denied for user 'u2'@'localhost' (using password: YES) | ||
delete from mysql.user where plugin = 'bar'; | ||
flush privileges; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
source include/not_embedded.inc; | ||
|
||
# | ||
# MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing | ||
# | ||
# only three failed change_user per connection. | ||
# successful change_user do NOT reset the counter | ||
# | ||
connect (test,localhost,root,,); | ||
connection test; | ||
--error 1045 | ||
change_user foo,bar; | ||
--error 1045 | ||
change_user foo; | ||
change_user; | ||
--error 1045 | ||
change_user foo,bar; | ||
--error 1047 | ||
change_user foo,bar; | ||
--error 1047 | ||
change_user; | ||
disconnect test; | ||
connection default; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
source include/not_embedded.inc; | ||
|
||
# | ||
# MDEV-3909 remote user enumeration | ||
# | ||
# verify that for some failed login attemps (with wrong user names) | ||
# the server requests a plugin | ||
# | ||
optimize table mysql.user; | ||
insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar'); | ||
flush privileges; | ||
|
||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
--error ER_PLUGIN_IS_NOT_LOADED | ||
connect (fail,localhost,u1); | ||
|
||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
--error ER_ACCESS_DENIED_ERROR | ||
connect (fail,localhost,u2); | ||
|
||
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT | ||
--error ER_ACCESS_DENIED_ERROR | ||
connect (fail,localhost,u2,password); | ||
|
||
--error ER_PLUGIN_IS_NOT_LOADED | ||
change_user u1; | ||
|
||
--error ER_ACCESS_DENIED_ERROR | ||
change_user u2; | ||
|
||
--error ER_ACCESS_DENIED_ERROR | ||
change_user u2,password; | ||
|
||
delete from mysql.user where plugin = 'bar'; | ||
flush privileges; | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.