CVE-2012-2122

Published: 6/26/2012 Last updated: 8/6/2024 Reserved: 4/4/2012

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-mariadb conf-mysql

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (22)

http://bugs.mysql.com/bug.php?id=64884
http://www.securityfocus.com/bid/53911
http://www.exploit-db.com/exploits/19092
http://secunia.com/advisories/53372
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
http://securitytracker.com/id?1027143
http://secunia.com/advisories/49417
http://seclists.org/oss-sec/2012/q2/493
http://kb.askmonty.org/en/mariadb-5162-release-notes/
http://bugs.mysql.com/bug.php?id=64884
http://www.securityfocus.com/bid/53911
http://www.exploit-db.com/exploits/19092
http://secunia.com/advisories/53372
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
http://securitytracker.com/id?1027143
http://secunia.com/advisories/49417
http://seclists.org/oss-sec/2012/q2/493
http://kb.askmonty.org/en/mariadb-5162-release-notes/