
What's wrong with MySQL?

A bug in MySQL/MariaDB allows an attacker to bypass authentication on the database server by brute-forcing it. This bug is trivial to exploit.

Original advisory and details

Why should I be worried?

LBNL Cyber Security has noticed a significant spike in scanning activity for MySQL ports (tcp/3306) since late May. The increase in activity is an indication that miscreants are attempting to exploit this bug by identifying and brute-forcing vulnerable MySQL installations. LBNL's scan detection and auto blocks on the border have been an effective deterrent so far.

We strongly advise that you patch and update your systems.

Am I affected?

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 *are vulnerable*.

MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not affected.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not affected.
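
To check a server against the version lists above, the following Python sketch (an added example, not part of the original advisory) classifies a version string such as the one returned by `SELECT VERSION()`. The function name `classify`, the sample strings, and the "not stated" verdict for versions the advisory lists in neither group are assumptions of this example.

```python
import re

# Version bounds copied from the advisory text above.
LAST_VULNERABLE = {(5, 1): 61, (5, 2): 11, (5, 3): 5, (5, 5): 22}
FIRST_FIXED = {
    "mariadb": {(5, 1): 62, (5, 2): 12, (5, 3): 6, (5, 5): 23},
    "mysql": {(5, 1): 63, (5, 5): 24, (5, 6): 6},
}


def classify(version_string):
    """Return (product, (major, minor, patch), verdict) for a server version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("no x.y.z version in %r" % version_string)
    major, minor, patch = (int(g) for g in m.groups())
    product = "mariadb" if "mariadb" in version_string.lower() else "mysql"
    branch = (major, minor)
    fixed = FIRST_FIXED[product]

    if branch in fixed and patch >= fixed[branch]:
        verdict = "not affected"
    elif branch in LAST_VULNERABLE and patch <= LAST_VULNERABLE[branch]:
        verdict = "vulnerable"
    elif branch < min(LAST_VULNERABLE):
        # Assumption: "all versions up to" covers branches older than 5.1.
        verdict = "vulnerable"
    elif branch > max(fixed):
        # Assumption: branches newer than the last fixed one carry the fix.
        verdict = "not affected"
    else:
        # e.g. MySQL 5.1.62 or 5.5.23: the advisory lists neither status.
        verdict = "not stated"
    return product, (major, minor, patch), verdict


# Constructed sample strings, as SELECT VERSION() might return them.
SAMPLES = [
    "5.1.61-log",
    "5.5.22-0ubuntu1",
    "5.5.23-MariaDB-log",
    "5.5.23",
    "5.6.6-m9",
    "5.0.95",
]

if __name__ == "__main__":
    for s in SAMPLES:
        product, version, verdict = classify(s)
        print("%-22s %-8s %-12s" % (s, product, verdict))
```

A "not stated" result means the version falls between the last version listed as vulnerable and the first listed as fixed for that product; treat it as needing an update.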

How do I protect myself?

Install the updates on your MySQL server. You can use your package management tools such as yum or apt-get to fetch the updates.
Additionally, the original advisory also provides the links to the fixes:

Am I compromised?

So far we haven't found a system within the LBNL network that has been compromised by exploiting this bug. LBNL Cyber Security is actively monitoring the network for any such signs of compromise.

I want to know more