CVE-2012-2122

NONECVSS 0.0

0.0

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

🔗 References (22)

secalert@redhathttp://bugs.mysql.com/bug.php?id=64884
secalert@redhathttp://kb.askmonty.org/en/mariadb-5162-release-notes/
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
secalert@redhathttp://seclists.org/oss-sec/2012/q2/493
secalert@redhathttp://secunia.com/advisories/49417
secalert@redhathttp://secunia.com/advisories/53372
secalert@redhathttp://security.gentoo.org/glsa/glsa-201308-06.xml
secalert@redhathttp://securitytracker.com/id?1027143
secalert@redhathttp://www.exploit-db.com/exploits/19092
secalert@redhathttp://www.securityfocus.com/bid/53911
secalert@redhathttps://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
af854a3a-2127-422b-91ae-364da2661108http://bugs.mysql.com/bug.php?id=64884
af854a3a-2127-422b-91ae-364da2661108http://kb.askmonty.org/en/mariadb-5162-release-notes/
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2012/q2/493

Is Your Infrastructure Affected by CVE-2012-2122?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-2122

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-2122?