
USN-1467-1: MySQL vulnerabilities

Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published: June 26, 2012
Added: May 06, 2013
Modified: February 25, 2014

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
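
The description attributes the bypass to an improperly checked memcmp return value. The sketch below is an added illustration of that bug class, not code from MySQL, MariaDB or this advisory. It assumes the comparison result is narrowed to a one-byte boolean; `wide_cmp`, `token_rejected_flawed` and `token_rejected_fixed` are hypothetical names, and the tokens are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Constructed comparator for this demo: like memcmp it returns 0 on equality
   and a correctly signed value otherwise, but the magnitude is a multiple of
   256. The C standard only fixes the sign of memcmp's result, not its range. */
static int wide_cmp(const void *a, const void *b, size_t n) {
    const unsigned char *x = a, *y = b;
    for (size_t i = 0; i < n; i++)
        if (x[i] != y[i])
            return ((int)x[i] - (int)y[i]) * 256;
    return 0;
}

/* Flawed pattern: the int result is narrowed to one byte, so any nonzero
   result whose low 8 bits are zero reads as 0, i.e. "tokens match". */
static unsigned char token_rejected_flawed(cmp_fn cmp, const void *expected,
                                           const void *supplied, size_t n) {
    return (unsigned char)cmp(expected, supplied, n);
}

/* Corrected pattern: reduce the result to 0 or 1 before narrowing. */
static unsigned char token_rejected_fixed(cmp_fn cmp, const void *expected,
                                          const void *supplied, size_t n) {
    return (unsigned char)(cmp(expected, supplied, n) != 0);
}

int main(void) {
    /* Constructed sample tokens; they differ in the second byte. */
    const unsigned char expected[4] = {0x10, 0x20, 0x30, 0x40};
    const unsigned char supplied[4] = {0x10, 0x21, 0x30, 0x40};
    printf("flawed, wide_cmp: rejected=%d\n",
           token_rejected_flawed(wide_cmp, expected, supplied, 4));
    printf("fixed,  wide_cmp: rejected=%d\n",
           token_rejected_fixed(wide_cmp, expected, supplied, 4));
    printf("fixed,  memcmp:   rejected=%d\n",
           token_rejected_fixed(memcmp, expected, supplied, 4));
    return 0;
}
```

The same narrowing hazard applies to any code that stores a memcmp, strcmp or similar three-way comparison result in a type smaller than int.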

Solution

  • mysql-server-5.1 on Ubuntu Linux 10.04

    Upgrade mysql-server-5.1 for Ubuntu 10.04 LTS

    Use `apt-get upgrade` to upgrade mysql-server-5.1 to the latest version

  • mysql-server-5.1 on Ubuntu Linux 11.04

    Upgrade mysql-server-5.1 for Ubuntu 11.04

    Use `apt-get upgrade` to upgrade mysql-server-5.1 to the latest version

  • mysql-server-5.1 on Ubuntu Linux 11.10

    Upgrade mysql-server-5.1 for Ubuntu 11.10

    Use `apt-get upgrade` to upgrade mysql-server-5.1 to the latest version

  • mysql-server-5.5 on Ubuntu Linux 12.04

    Upgrade mysql-server-5.5 for Ubuntu 12.04 LTS

    Use `apt-get upgrade` to upgrade mysql-server-5.5 to the latest version

  • mysql-server-5.0 on Ubuntu Linux 8.04

    Upgrade mysql-server-5.0 for Ubuntu 8.04 LTS

    Use `apt-get upgrade` to upgrade mysql-server-5.0 to the latest version
