Wind River Support Network

Fixed

LIN5-16454 : Security Advisory - mysql - CVE-2012-2122

Created: Jul 1, 2012    Updated: Dec 19, 2017
Resolved Date: Mar 28, 2014
Previous ID: LIN2-20242
Found In Version: 5.0
Fix Version: 5.0.1.14
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2122
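
The failure mode in the description, shown as an added example; this is not code from MySQL, MariaDB, or Wind River. It assumes the improperly checked return value is the comparison's int result being narrowed to a one-byte boolean. `bool8`, `wide_memcmp` and the `differ_*` functions are hypothetical names, and the tokens are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char bool8;   /* hypothetical one-byte boolean type */
typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Constructed stand-in for a memcmp that reports a difference as a
 * multiple of 256. The C standard only fixes the sign of the result. */
static int wide_memcmp(const void *a, const void *b, size_t n) {
    int r = memcmp(a, b, n);
    return r == 0 ? 0 : (r < 0 ? -0x100 : 0x100);
}

/* Flawed: the int result is narrowed to one byte, so +/-0x100 becomes 0
 * and differing tokens are reported as equal. */
static bool8 differ_truncated(cmp_fn cmp, const void *a, const void *b, size_t n) {
    return (bool8)cmp(a, b, n);
}

/* Corrected: collapse the result to 0 or 1 before narrowing. */
static bool8 differ_normalized(cmp_fn cmp, const void *a, const void *b, size_t n) {
    return (bool8)(cmp(a, b, n) != 0);
}

/* Independent of memcmp: OR together the XOR of every byte pair. */
static bool8 differ_bytewise(const void *a, const void *b, size_t n) {
    const unsigned char *pa = a, *pb = b;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (unsigned char)(pa[i] ^ pb[i]);
    return (bool8)(acc != 0);
}

int main(void) {
    /* Constructed 4-byte tokens that differ in the last byte. */
    const unsigned char expected[4] = {0x10, 0x20, 0x30, 0x40};
    const unsigned char supplied[4] = {0x10, 0x20, 0x30, 0x41};
    printf("truncated:  %d\n", differ_truncated(wide_memcmp, expected, supplied, 4));
    printf("normalized: %d\n", differ_normalized(wide_memcmp, expected, supplied, 4));
    printf("bytewise:   %d\n", differ_bytewise(expected, supplied, 4));
    return 0;
}
```

A return value of 0 from `differ_truncated` for two different tokens is the comparison that "succeeds" in the description; the normalized and bytewise forms report the difference regardless of which nonzero value the comparison returns.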

Workaround

Unknown

Steps to Reproduce

Unknown
