
CVE ID: CVE-2012-2122
Description: sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Test IDs: 1.3.6.1.4.1.25623.1.0.71632   1.3.6.1.4.1.25623.1.0.103492   1.3.6.1.4.1.25623.1.0.864474   1.3.6.1.4.1.25623.1.0.841039   1.3.6.1.4.1.25623.1.0.120296   1.3.6.1.4.1.25623.1.0.864504   1.3.6.1.4.1.25623.1.0.850182   1.3.6.1.4.1.25623.1.1.4.2012.0984.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-2122
BugTraq ID: 53911
http://www.securityfocus.com/bid/53911
http://www.exploit-db.com/exploits/19092
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://bugs.mysql.com/bug.php?id=64884
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
http://seclists.org/oss-sec/2012/q2/493
http://securitytracker.com/id?1027143
http://secunia.com/advisories/49417
http://secunia.com/advisories/53372
SuSE Security Announcement: SUSE-SU-2012:0984
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html




© 1998-2024 E-Soft Inc. All rights reserved.