Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is remarkably simple to exploit in order to gain root access to the database. The only mitigating factor appears to be that it depends on the C library that the MySQL database was built with. The bypass, assigned the vulnerability ID CVE-2012-2122, allows an attacker to gain root access by repeatedly trying to log in with an incorrect password. Each attempt has a 1 in 256 chance of being given access. The exploits are mostly variations on a loop that connects to MySQL with a bad password around 300 to 512 times.
The vulnerability, which was detailed in a posting by MariaDB security coordinator Sergei Golubchik, is due to a casting error when checking the result of comparing (with the memcmp function) the password given and the expected password. "Basically account password protection is as good as nonexistent", says Golubchik, adding "Any client will do, there's no need for a special libmysqlclient library". Vulnerable versions of MySQL and MariaDB are those compiled with libraries whose memcmp returns integers outside the -128 to 127 range. According to Golubchik, the gcc built-in memcmp and the BSD libc memcmp are safe, but the Linux glibc SSE-optimised memcmp is not safe.
Continued: http://www.h-online.com/security/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-1614990.html
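The casting error described above can be modelled in a few lines of C. This is an added example, not code from MySQL or MariaDB: the type name narrow_bool and all function names are assumptions, and the ranges fed to the checks are constructed. It places the flawed narrowing of a memcmp result beside a normalised check and counts how many nonzero results each one treats as a matching password.

```c
#include <stdio.h>

/* Hypothetical 8-bit boolean return type, standing in for the narrow type
   behind the "casting error" described above (name is an assumption). */
typedef signed char narrow_bool;

/* Flawed pattern: memcmp's int result is narrowed to 8 bits. Nonzero should
   mean "mismatch", but any nonzero multiple of 256 narrows to 0 ("match").
   gcc and clang define this out-of-range conversion as wrapping modulo 2^8. */
static narrow_bool mismatch_truncated(int memcmp_result)
{
    return (narrow_bool)memcmp_result;
}

/* Corrected pattern: reduce the result to 0 or 1 before narrowing. */
static narrow_bool mismatch_normalised(int memcmp_result)
{
    return (narrow_bool)(memcmp_result != 0);
}

/* Count nonzero comparison results in [lo, hi] that the given check
   wrongly reports as "passwords match". */
static int count_false_matches(narrow_bool (*check)(int), int lo, int hi)
{
    int n = 0;
    for (int r = lo; r <= hi; r++)
        if (r != 0 && check(r) == 0)
            n++;
    return n;
}

int main(void)
{
    /* Constructed ranges: results confined to -128..127, then a wider
       range such as an optimised memcmp might return. */
    printf("truncated,  -128..127:     %d false matches\n",
           count_false_matches(mismatch_truncated, -128, 127));
    printf("truncated,  -32768..32767: %d false matches\n",
           count_false_matches(mismatch_truncated, -32768, 32767));
    printf("normalised, -32768..32767: %d false matches\n",
           count_false_matches(mismatch_normalised, -32768, 32767));
    return 0;
}
```

In the wider range the only false matches are the nonzero multiples of 256, which is where the 1 in 256 figure comes from; a memcmp whose results stay within -128 to 127 never triggers the flaw.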
Trivial Password Flaw Leaves MySQL Databases Exposed
MySQL flaw allows attackers to easily connect to server
Exploit Available for Trivial MySQL Password Bypass
Flaw in MySQL Allows Attackers to Connect to Server with Incorrect Passwords
See Vulnerabilities / Fixes:
MySQL User Login Security Bypass and Unspecified Vulnerability
MariaDB User Login Security Bypass Security Issue