#VU32786 Improper Authentication in MySQL Server - CVE-2012-2122
Published: June 26, 2012 / Updated: July 29, 2020
Vulnerability identifier: #VU32786
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2012-2122
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
MySQL Server
MySQL Server
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Remediation
Install update from vendor's website.
External links
- http://bugs.mysql.com/bug.php?id=64884
- http://kb.askmonty.org/en/mariadb-5162-release-notes/
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
- http://seclists.org/oss-sec/2012/q2/493
- http://secunia.com/advisories/49417
- http://secunia.com/advisories/53372
- http://security.gentoo.org/glsa/glsa-201308-06.xml
- http://securitytracker.com/id?1027143
- http://www.exploit-db.com/exploits/19092
- http://www.securityfocus.com/bid/53911
- https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql