CVE-2018-2696
First published: Fri Nov 03 2017(Updated: )
It was discovered that the MySQL's sha256_password authentication plugin did not restrict the length password received from authenticating client before passing it to the my_crypt_genhash() function. This function implements SHA256 crypt password hashing algorithm that can also be used for hashing passwords in /etc/shadow on Linux systems. The algorithm is computationally intensive, and an excessively long passwords cause mysqld thread handling specific connection to consume all available CPU time. Additionally, the algorithm implementation in MySQL uses alloca() for memory allocation, which does not protect against stack overflow, possibly leading to memory corruption, process crash, and potentially code execution. Note that this issue affects deployments where non-default sha256_password authentication is configured for some or all database users.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mysql | <5.6.39 | 5.6.39 |
| redhat/mysql | <5.7.21 | 5.7.21 |
| debian/mysql-5.5 | ||
| debian/mysql-5.7 | ||
| MySQL | >=5.6.0<=5.6.38 | |
| MySQL | >=5.7.0<=5.7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.securityfocus.com/bid/102701
- http://www.securitytracker.com/id/1040216
- https://access.redhat.com/errata/RHSA-2018:0586
- https://access.redhat.com/errata/RHSA-2018:0587
- https://security.netapp.com/advisory/ntap-20180117-0002/
- https://usn.ubuntu.com/3537-1/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1348482&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1348482&action=edit
- https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html
- https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html
- https://github.com/mysql/mysql-server/commit/475dcde2c7856dd0050b967099a86c087d94f32f
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
- https://bugzilla.redhat.com/show_bug.cgi?id=1509475
- https://launchpad.net/bugs/cve/CVE-2018-2696
- https://security-tracker.debian.org/tracker/CVE-2018-2696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2696
- https://nvd.nist.gov/vuln/detail/CVE-2018-2696
- https://ubuntu.com/security/CVE-2018-2696
Frequently Asked Questions
What is the severity of CVE-2018-2696?
CVE-2018-2696 is considered a critical vulnerability due to the potential for unauthorized access through inadequate password length restriction.
How do I fix CVE-2018-2696?
To fix CVE-2018-2696, upgrade your MySQL to version 5.6.39 or 5.7.21 or later versions.
What versions of MySQL are affected by CVE-2018-2696?
CVE-2018-2696 affects MySQL versions lower than 5.6.39 and 5.7.21.
How does CVE-2018-2696 impact MySQL security?
CVE-2018-2696 can lead to a potential denial-of-service condition or unauthorized access due to improper handling of password lengths.
Is there a workaround for CVE-2018-2696?
There is no known workaround for CVE-2018-2696, thus upgrading is the recommended action.
- agent/author
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-2696
- agent/software-canonical-lookup
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/oracle
- canonical/mysql
- version/mysql/5.6.0
- version/mysql/5.6.38
- version/mysql/5.7.0
- version/mysql/5.7.20