CVE

CVE-2012-2122
Date: (C)2012-06-26   (M)2023-12-22


sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1027143
EXPLOIT-DB-19092
SECUNIA-49417
SECUNIA-53372
BID-53911
GLSA-201308-06
SUSE-SU-2012:0984
http://seclists.org/oss-sec/2012/q2/493
http://bugs.mysql.com/bug.php?id=64884
http://kb.askmonty.org/en/mariadb-5162-release-notes/
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

CPE    61
cpe:/a:mariadb:mariadb:5.1.61
cpe:/a:mariadb:mariadb:5.3.1
cpe:/a:mariadb:mariadb:5.5.22
cpe:/a:mariadb:mariadb:5.1.60
...
CWE    1
CWE-287
OVAL    15
oval:org.secpod.oval:def:600834
oval:org.secpod.oval:def:500953
oval:org.secpod.oval:def:104401
oval:org.secpod.oval:def:700888
...

© SecPod Technologies