Nmap Development mailing list archives
Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 13 Jun 2012 00:18:50 -0600
On 06/11/2012 02:16 PM, David Fifield wrote:
The script started to fail when using a remote connection but I realized today it was probably my flaky connection dropping the packets =/.On Mon, Jun 11, 2012 at 02:45:48AM -0600, Paulino Calderon wrote:After testing from a remote connection I realized the iteration counter needed to be way bigger. I also left additional debug messages that were added when troubleshooting.Let's commit this script as we've already had some positive reports. What made you increase to 10000 tries? The chance of failing after 1000 is (255/256)**1000 ≈ 2%. Was that too high a failure rate or was it for some other reason? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
I've signed up with a new ISP, changed the iteration value back to 1,500 and commited it as r28928. I will try to test this against MariaDB and report back/update this.
Cheers.
Attachment:
mysql-vuln-cve2012-2122.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Aleksandar Nikolic (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Patrik Karlsson (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Martin Holst Swende (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Ron (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 David Fifield (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 12)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)
- Re: NSE: mysql-vuln-cve2012-2122 - Authentication bypass in MySQL and MariaDB servers up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 Paulino Calderon (Jun 11)