Check Point Advisories

Security Best Practice: Protection against Multiple MySQL Vulnerabilities

Check Point Reference: SBP-2006-04
Date Published: 21 May 2006
Severity: High
Last Updated: 8 May 2007
Source: SmartDefense Research Center
Industry Reference:CVE-2006-0903
CVE-2004-0627
CVE-2004-0628
Protection Provided by:
Who is Vulnerable? MySQL servers
Vulnerability Description MySQL is an open-source relational database management system that is rapidly growing in popularity. MySQL is free for most applications and is heavily used by the open source community, running on both Windows and UNIX operating systems. MySQL Servers are prone to multiple vulnerabilities, enabling an attacker to modify, obtain or destroy database contents. This may result in disclosure of confidential information, database modification or even database shutdown.
Vulnerability DetailsInterSpect NGX offers several protections for MySQL versions 5.0, 4.1 and 4.0, including:

MySQL Packet Sanity - To ensure compliance with the MySQL protocol, SmartDefense performs basic checks on MySQL packets, including checks such as validation of the length of login packets, the login process and that of MySQL commands.

Client Side Informative Logging - This protection enables logging of additional aspects of the client side of the MySQL session, e.g. ?User name during login request? produces a log with the username for each login request.

Block Specific MySQL Users - This list blocks MySQL queries from specific users. The root user, for example, should be blocked because only the administrator should have access to it.

MySQL Capabilities Restrictions - These are a set of protections that include options such as restricting the allowed MySQL traffic to more recent versions that use a new encryption method for logins and are much more secure, forcing MySQL traffic in the organization to use SSL encryption and strong authentication and more.

Blocked MySQL Commands - This protection enables you to block specific MySQL commands that can be misused or cause damage.

Blocked SQL Query Commands - SmartDefense enables you to block several SQL query commands that have been associated with widely exploited vulnerabilities. e.g CAN-2005-0799.

Blocked Tables- This protection restricts access to specific MySQL tables. Uncontrolled access to SQL tables can be misused and can lead to loss of sensitive user information.

MySQL Malicious Code Protector - This protection looks for executable code in places where it should not exist - for example in data fields. It analyzes the non ASCII segments of the SQL by disassembling machine code. It assesses the danger, and allows or

Protection Overview

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO