CVE-2012-2122

26.06.2012, 18:55

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.1 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
oracle	mysql	5.1.51
oracle	mysql	5.1.52
oracle	mysql	5.1.52:sp1
oracle	mysql	5.1.53
oracle	mysql	5.1.54
oracle	mysql	5.1.55
oracle	mysql	5.1.56
oracle	mysql	5.1.57
oracle	mysql	5.1.58
oracle	mysql	5.1.59
oracle	mysql	5.1.60
oracle	mysql	5.1.61
oracle	mysql	5.5.10
oracle	mysql	5.5.11
oracle	mysql	5.5.12
oracle	mysql	5.5.13
oracle	mysql	5.5.14
oracle	mysql	5.5.15
oracle	mysql	5.5.16
oracle	mysql	5.5.17
oracle	mysql	5.5.18
oracle	mysql	5.5.19
oracle	mysql	5.5.20
oracle	mysql	5.5.21
oracle	mysql	5.6.2
oracle	mysql	5.6.3
oracle	mysql	5.6.4
oracle	mysql	5.6.5
mariadb	mariadb	5.1.41
mariadb	mariadb	5.1.42
mariadb	mariadb	5.1.44
mariadb	mariadb	5.1.47
mariadb	mariadb	5.1.49
mariadb	mariadb	5.1.50
mariadb	mariadb	5.1.51
mariadb	mariadb	5.1.53
mariadb	mariadb	5.1.55
mariadb	mariadb	5.1.60
mariadb	mariadb	5.1.61
mariadb	mariadb	5.2.0
mariadb	mariadb	5.2.1
mariadb	mariadb	5.2.2
mariadb	mariadb	5.2.3
mariadb	mariadb	5.2.4
mariadb	mariadb	5.2.5
mariadb	mariadb	5.2.6
mariadb	mariadb	5.2.7
mariadb	mariadb	5.2.8
mariadb	mariadb	5.2.9
mariadb	mariadb	5.2.10
mariadb	mariadb	5.2.11
mariadb	mariadb	5.3.0
mariadb	mariadb	5.3.1
mariadb	mariadb	5.3.2
mariadb	mariadb	5.3.3
mariadb	mariadb	5.3.4
mariadb	mariadb	5.3.5
mariadb	mariadb	5.3.6
mariadb	mariadb	5.5.20
mariadb	mariadb	5.5.21
mariadb	mariadb	5.5.22

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mysql-5.1

hardy	dne
lucid	dne
natty	Fixed 5.1.63-0ubuntu0.11.04.1 released
oneiric	Fixed 5.1.63-0ubuntu0.11.10.1 released
precise	dne

mysql-5.5

hardy	dne
lucid	dne
natty	dne
oneiric	dne
precise	Fixed 5.5.24-0ubuntu0.12.04.1 released

mysql-cluster-7.0

hardy	dne
lucid	ignored
natty	ignored
oneiric	ignored
precise	dne

mysql-dfsg-5.0

hardy	Fixed 5.0.96-0ubuntu3 released
lucid	dne
natty	dne
oneiric	dne
precise	dne

mysql-dfsg-5.1

hardy	dne
lucid	Fixed 5.1.63-0ubuntu0.10.04.1 released
natty	dne
oneiric	dne
precise	dne

Red Hat Enterprise Linux Releases

Red Hat Product

Release

mysql

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-bench

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-devel

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-embedded

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-embedded-devel

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-libs

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-server

RHEL 6

0:5.1.66-1.el6_3

fixed

mysql-test

RHEL 6

0:5.1.66-1.el6_3

fixed

Known Exploits!

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://bugs.mysql.com/bug.php?id=64884

http://kb.askmonty.org/en/mariadb-5162-release-notes/

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html

http://seclists.org/oss-sec/2012/q2/493

http://secunia.com/advisories/49417

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://securitytracker.com/id?1027143

http://www.exploit-db.com/exploits/19092

http://www.securityfocus.com/bid/53911

https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

http://bugs.mysql.com/bug.php?id=64884

http://kb.askmonty.org/en/mariadb-5162-release-notes/

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html

http://seclists.org/oss-sec/2012/q2/493

http://secunia.com/advisories/49417

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://securitytracker.com/id?1027143

http://www.exploit-db.com/exploits/19092

http://www.securityfocus.com/bid/53911

https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql