CVE-2012-2122

Priority
High
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24,
and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before
5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in
certain environments with certain implementations of the memcmp function,
allows remote attackers to bypass authentication by repeatedly
authenticating with the same incorrect password, which eventually causes a
token comparison to succeed due to an improperly-checked return value.
References
Bugs
Notes
jdstrand> mysql-cluster-7.0 not supported per Ubuntu Server team
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): ignored
Ubuntu 11.04 (Natty Narwhal): ignored
Ubuntu 11.10 (Oneiric Ocelot): ignored
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): DNE
Package
Upstream: released (5.5.24)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE
Ubuntu 12.04 LTS (Precise Pangolin): released (5.5.24-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal): released (5.5.25-0ubuntu1)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17
Package
Upstream: released (5.1.63)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (5.1.63-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (5.0.96-0ubuntu3)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): DNE
Package
Upstream: released (5.1.63)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): released (5.1.63-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (5.1.63-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): DNE

Updated: 2012-06-27 20:14:42 UTC (commit 5449)