Vulnerability in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6 (CVE-2012-2122)

oval:org.cisecurity:def:8279

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Family: windows
Status: ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 8
  • Microsoft Windows XP
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2003
Class: vulnerability
Reference(s):
  • CVE-2012-2122
Product(s):
  • MySQL Server 5.5
  • MySQL Server 5.1
  • MariaDB
  • MySQL Server 5.6