From owner-doc-jp@jp.freebsd.org  Wed Mar  1 03:49:31 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id DAA10356;
	Wed, 1 Mar 2000 03:49:31 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id DAA10351
	for <doc-jp@jp.freebsd.org>; Wed, 1 Mar 2000 03:49:31 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id DAA28220 for <doc-jp@jp.freebsd.org>; Wed, 1 Mar 2000 03:49:31 +0900 (JST)
Received: from mail.hrs.jp (sutkmax2-ppp05.ed.kagu.sut.ac.jp [133.31.177.71]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id DAA16117 for <doc-jp@jp.freebsd.org>; Wed, 1 Mar 2000 03:49:26 +0900 (JST)
Message-Id: <200002291849.DAA16117@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id DAA02576
	for <doc-jp@jp.freebsd.org>; Wed, 1 Mar 2000 03:32:05 +0900 (JST)
	(envelope-from hrs@hrs.jp)
In-Reply-To: <20000229052646.6291337BA3B@hub.freebsd.org>
References: <20000229052646.6291337BA3B@hub.freebsd.org>
To: doc-jp@jp.freebsd.org
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Wed, 01 Mar 2000 03:32:05 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 156
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 7124
Subject: [doc-jp 7124] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:05.mysql322-server
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 SA-00:05.mysql322-server $B$NF|K\8lLu$G$9!#(B

 FreeBSD only $B$O!V!A$K8GM-$+!W!"(B
 port/package $B$O%+%?%+%J$J$7$NJ}8~$GE}0l$7$F$_$^$7$?!#(B

 # $B$`!<!"(Bworkaround $B$K=q$+$l$F$$$kJ}K!$O(B
 # $BBP1~$K$J$C$F$$$J$$$h$&$J!D!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                  j7397067@ed.noda.sut.ac.jp(univ)
|                        hrs@jp.FreeBSD.org(FreeBSD doc-jp Project)

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:05.mysql322-server
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Mon, 28 Feb 2000 21:26:46 -0800 (PST)
  Message-Id: <20000229052646.6291337BA3B@hub.freebsd.org>
  X-Sequence: announce-jp 393

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:05                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:       MySQL allows bypassing of password authentication

$BJ,N`(B:           ports
$B%b%8%e!<%k(B:     mysql322-server
$B9pCNF|(B:         2000-02-28
$B1F6AHO0O(B:       $B=$@5F|0JA0$N$9$Y$F$N(B Ports Collection
$B=$@5F|(B:         2000-02-15
FreeBSD $B$K8GM-$+(B:   NO

I.   Background - $BGX7J(B

MySQL is a popular SQL database client/server distributed as part of the
FreeBSD ports collection.

MySQL $B$O(B, $B9-$/;H$o$l$F$$$k(B SQL $B%G!<%?%Y!<%9$N%/%i%$%"%s%H(B/$B%5!<%P%7%9%F%`$G$9(B.  
$B$3$l$O(B, FreeBSD Ports Collection $B$N0lIt$H$7$FG[I[$5$l$F$$$^$9(B.  

II.  $BLdBj$N>\:Y(B - Problem Description

The MySQL database server (versions prior to 3.22.32) has a flaw in the
password authentication mechanism which allows anyone who can connect to
the server to access databases without requiring a password, given a valid
username on the database - in other words, the normal password
authentication mechanism can be completely bypassed.

MySQL $B%G!<%?%Y!<%9%5!<%P(B(3.22.32 $B$h$jA0$N%P!<%8%g%s(B)$B$K$O(B, 
$B%Q%9%o!<%IG'>Z5!9=$K%;%-%e%j%F%#>e$N7g4Y$,$"$k$?$a(B, 
$B%5!<%P$K@\B3$G$-$k?M$OC/$G$b(B, $B%G!<%?%Y!<%9$GM-8z$J%f!<%6L>$5$(F~NO$9$l$P(B, 
$B%Q%9%o!<%I$rMW5a$5$l$k$3$H$J$/%"%/%;%9$,2DG=$G$9(B.  $B$3$l$O$D$^$j(B, $BDL>o$N(B
$B%Q%9%o!<%IG'>Z5!9=$r40A4$K%P%$%Q%9$9$k$3$H$,$G$-$k$H$$$&$3$H$G$9(B.  

$BCm0U$7$FM_$7$$$N$G$9$,(B, MySQL $B$O%G%U%)%k%H$G$O%$%s%9%H!<%k$5$l$^$;$s$7(B,
FreeBSD $B$NItJ,$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$O(B FreeBSD Ports Collection $B$N$&$A$N0l$D$G$9(B.
FreeBSD Ports Collection $B$K$O(B, 3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N(B
$B%"%W%j%1!<%7%g%s$,$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: ports $B$KF~$C$F$$$k$+$i(B
$B$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,0BA4$G$"$k$HI>2A(B
$B$7$?$o$1$G$O$"$j$^$;$s(B).

$B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k(B
$B%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B, $B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

The successful attacker will have all of the access rights of that
database user and may be able to read, add or modify records.

$B967b$K@.8y$9$k$H(B, $B967b<T$O;XDj$7$?%G!<%?%Y!<%9%f!<%6$N;}$D(B
$B$9$Y$F$N%"%/%;%98"$r<j$KF~$l$k$3$H$,$G$-$^$9(B.  
$B$=$l$K$h$j(B, $B%G!<%?%Y!<%9%l%3!<%I$NFI$_=P$7(B, $BDI2C(B, $BJQ99$,2DG=$G$9(B.  

If you have not chosen to install the mysql322-server port/package, then
your system is not vulnerable.

mysql322-server $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$$$J$i(B,
$B%7%9%F%`$K%;%-%e%j%F%#>e$NLdBj$O$"$j$^$;$s(B. 

IV.  $BBP1~:v(B - Workaround

Use appropriate access-control lists to limit which hosts can initiate
connections to MySQL databases - see:

$B%"%/%;%9%3%s%H%m!<%k%j%9%H$rE,@Z$K@_Dj$7(B,
MySQL $B%G!<%?%Y!<%9$K@\B3$G$-$k%[%9%H$r@)8B$7$^$9(B.  
$B>\:Y$K$D$$$F$O(B, $B0J2<$N>l=j$r;2>H$7$F2<$5$$(B.  

http://www.mysql.com/Manual_chapter/manual_Privilege_system.html

for more information. If unrestricted remote access to the database is not
required, consider using ipfw(8) or ipf(8), or your network perimeter
firewall, to prevent remote access to the database from untrusted machines
(MySQL uses TCP port 3306 for network communication). Note that users who
have access to machines which are allowed to initiate database connections
(e.g. local users) can still exploit the security hole.

$B$b$7(B, $B%G!<%?%Y!<%9$KBP$7$F@)8B$N$J$$%j%b!<%H%"%/%;%9$r5v2D$9$k(B
$BI,MW$,$J$1$l$P(B, ipfw(8) $B$d(B ipf(8), $B$"$k$$$O$"$J$?$NMxMQ$7$F$$$k(B
$B%M%C%H%o!<%/$N6-3&$K$"$k%U%!%$%"%&%)!<%k$r@_Dj$7$F(B, 
$B?.Mj@-$N$J$$%^%7%s$+$i$N%G!<%?%Y!<%9%"%/%;%9$rKI$0$3$H$r(B
$B9MN8$KF~$l$F2<$5$$(B(MySQL $B$ODL?.$K(B TCP $B%]!<%H$N(B 3306 $BHV$r;HMQ$7$^$9(B).  
$B$?$@$7$=$N>l9g$G$b(B, $B%G!<%?%Y!<%9$X$N@\B3$,5v2D$5$l$F$$$k%^%7%s$K(B
$B%"%/%;%9$G$-$k%f!<%6(B($BNc$($P%m!<%+%k%f!<%6(B)$B$+$i$O(B, $B0MA3$H$7$F(B
$B$3$N%;%-%e%j%F%#>e$N<eE@$,(B exploit $B2DG=$@$H$$$&$3$H$KCm0U$9$kI,MW$,$"$j$^$9(B.  

V.   $B=$@5=hCV(B - Solution

$B<!$N$$$:$l$+$K$h$C$F2r7h2DG=$G$9(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, mysql322-server $B$r(B
   $B:F%3%s%Q%$%k$7$F$/$@$5$$(B.

2) $B<!$K<($9>l=j(B

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/databases/mysql-server-3.22.32.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/databases/mysql-server-3.22.32.tgz

   $B$+$i(B, $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r<hF@$7(B, 
   $B%$%s%9%H!<%k$7D>$7$F$/$@$5$$(B. 

3) $B<!$K<($9>l=j(B

http://www.freebsd.org/ports/

   $B$+$i(B, mysql322-server $B$N?7$7$$(B port $B$r<hF@$7(B, $B$=$l$rMQ$$$F(B
   $B:F%3%s%Q%$%k$7$F$/$@$5$$(B.

4) portcheckout $B%f!<%F%#%j%F%#$r;H$&$H(B, $B>e5-(B (3) $B$r<+F0E*$K(B
   $B9T$J$&$3$H$,$G$-$^$9(B.  portcheckout $B$O(B,
   /usr/ports/devel/portcheckout $B$d(B, $B0J2<$N>l=j$+$iF~<j2DG=$G$9(B. 

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz
