Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22
From: Martin Holst Swende <martin () swende se>
Date: Mon, 11 Jun 2012 12:53:38 +0200

Hi,

First I got this error using nmap 6.00:

NSE: 'mysql-vuln-cve2012-2122' (thread: 0x1ff2e80) against
127.0.0.1:3306 threw an error!
/usr/local/bin/../share/nmap/nselib/strict.lua:65: variable
'formatResultset' is not declared
stack traceback:
    [C]: in function 'error'
    /usr/local/bin/../share/nmap/nselib/strict.lua:69: in function
</usr/local/bin/../share/nmap/nselib/strict.lua:60>
    /usr/local/bin/../share/nmap/nselib/strict.lua:65: in function
</usr/local/bin/../share/nmap/nselib/strict.lua:60>
    mysql-vuln-cve2012-2122.nse:136: in function
<mysql-vuln-cve2012-2122.nse:80>
    (tail call): ?

After updating, everything worked fine! Good work.
A question regarding the categories : unless account lockout after a
number of tries is enabled, this could go in the "safe" category, right?
As I understand it, account lockout is not a feature in MySql (but
available as a plugin), so maybe this could be "safe" aswell?

Regards,
Martin


On 06/11/2012 10:45 AM, Paulino Calderon wrote:
After testing from a remote connection I realized the iteration
counter needed to be way bigger. I also left additional debug messages
that were added when troubleshooting.

Cheers.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]