Oracle MySQL Vulnerability: CVE-2012-2122

Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published: June 26, 2012
Added: August 26, 2012
Modified: February 25, 2014

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
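
The "improperly-checked return value" is memcmp's int result being narrowed to a one-byte boolean, which discards the high bits. The following is an added illustration of that bug class beside the corrected check; it is not code from MySQL or MariaDB. wide_memcmp, flag_t, the function names and the sample tokens are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned char flag_t;   /* one-byte boolean (constructed name) */

/* Constructed stand-in for an optimized memcmp: compares two bytes at a
   time and returns the difference of the first differing 16-bit words,
   so the result can fall outside -128..127. The C standard only
   guarantees the sign of memcmp's result, not its magnitude. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    if (i < n && a[i] != b[i])
        return a[i] - b[i];
    return 0;
}

/* Flawed pattern: the int is narrowed to one byte. Any nonzero result
   whose low 8 bits are all zero becomes 0, which the caller reads as
   "tokens match". */
static flag_t differs_truncated(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (flag_t)wide_memcmp(a, b, n);
}

/* Corrected pattern: reduce the result to 0 or 1 before narrowing. */
static flag_t differs_checked(const unsigned char *a, const unsigned char *b, size_t n)
{
    return wide_memcmp(a, b, n) != 0;
}

/* Constructed sample tokens. */
static const unsigned char expected[4] = {0x12, 0x34, 0x56, 0x78};
static const unsigned char wrong_a[4]  = {0x11, 0x34, 0x56, 0x78}; /* differs by 0x100 */
static const unsigned char wrong_b[4]  = {0x12, 0x35, 0x56, 0x78}; /* differs by -1 */

int main(void)
{
    printf("truncated: %d\n", differs_truncated(expected, wrong_a, 4));
    printf("checked:   %d\n", differs_checked(expected, wrong_a, 4));
    return 0;
}
```

With a memcmp that only ever returns values in -128..127 the flawed pattern never misfires, which is why the description limits the issue to certain environments.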

Solution

  • Oracle MySQL >= 5.1 and < 5.1.63

    Upgrade to Oracle MySQL version 5.1.63

    Download and apply the upgrade from: http://downloads.mysql.com/archives.php

    Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

  • Oracle MySQL >= 5.5 and < 5.5.24

    Upgrade to Oracle MySQL version 5.5.24

    Download and apply the upgrade from: http://downloads.mysql.com/archives.php

    Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.

  • Oracle MySQL >= 5.6 and < 5.6.6

    Upgrade to Oracle MySQL version 5.6.6

    Download and apply the upgrade from: http://downloads.mysql.com/archives.php

    Please note that individual platforms and OS distributions may provide their own means of upgrading MySQL (via an RPM, for example). These supported upgrade methods should be used if available, instead of building the distribution from scratch.
