CVE-2012-2122

Priority
High
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24,
and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before
5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in
certain environments with certain implementations of the memcmp function,
allows remote attackers to bypass authentication by repeatedly
authenticating with the same incorrect password, which eventually causes a
token comparison to succeed due to an improperly-checked return value.
Notes
 jdstrand> mysql-cluster-7.0 not supported per Ubuntu Server team
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: released (5.5.24)
Ubuntu 12.04 LTS (Precise Pangolin): released (5.5.24-0ubuntu0.12.04.1)
Patches:
Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17
Package
Upstream: released (5.1.63)
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Package
Upstream: released (5.1.63)
Ubuntu 12.04 LTS (Precise Pangolin): DNE

Updated: 2015-07-29 20:40:38 UTC (commit 9756)