sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
21 Nov 2024, 01:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.mysql.com/bug.php?id=64884 - Exploit | |
References | () http://kb.askmonty.org/en/mariadb-5162-release-notes/ - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html - | |
References | () http://seclists.org/oss-sec/2012/q2/493 - Patch | |
References | () http://secunia.com/advisories/49417 - Vendor Advisory | |
References | () http://secunia.com/advisories/53372 - | |
References | () http://security.gentoo.org/glsa/glsa-201308-06.xml - | |
References | () http://securitytracker.com/id?1027143 - | |
References | () http://www.exploit-db.com/exploits/19092 - | |
References | () http://www.securityfocus.com/bid/53911 - Exploit | |
References | () https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql - Exploit |
Information
Published : 2012-06-26 18:55
Updated : 2024-11-21 01:38
NVD link : CVE-2012-2122
Mitre link : CVE-2012-2122
CVE.ORG link : CVE-2012-2122
JSON object : View
Products Affected
oracle
- mysql
mariadb
- mariadb
CWE
CWE-287
Improper Authentication