CVE-2012-2122

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

References

http://bugs.mysql.com/bug.php?id=64884

http://kb.askmonty.org/en/mariadb-5162-release-notes/

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html

http://seclists.org/oss-sec/2012/q2/493

http://secunia.com/advisories/49417

http://secunia.com/advisories/53372

http://security.gentoo.org/glsa/glsa-201308-06.xml

http://securitytracker.com/id?1027143

http://www.exploit-db.com/exploits/19092

http://www.securityfocus.com/bid/53911

https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql

Details

Source: MITRE

Published: 2012-06-26

Updated: 2014-02-21

Type: CWE-287

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
74673openSUSE Security Update : mysql-cluster (openSUSE-SU-2012:0860-1)NessusSuSE Local Security Checks
medium
74654openSUSE Security Update : mysql-community-server (openSUSE-2012-332)NessusSuSE Local Security Checks
medium
69700Amazon Linux AMI : mysql55 (ALAS-2012-93)NessusAmazon Linux Local Security Checks
medium
69508GLSA-201308-06 : MySQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
64183SuSE 11.1 Security Update : MySQL (SAT Patch Number 6613)NessusSuSE Local Security Checks
medium
63678Scientific Linux Security Update : mysql on SL5.x i386/x86_64 (20130122)NessusScientific Linux Local Security Checks
medium
61393MySQL Authentication Protocol Token Comparison Casting Failure Password BypassNessusDatabases
medium
801157MySQL Server 5.5 < 5.5.24 Multiple Unspecified VulnerabilitiesLog Correlation EngineDatabase
medium
801134MySQL Server 5.1 < 5.1.63 Multiple VulnerabilitiesLog Correlation EngineDatabase
medium
6653Oracle MySQL Server 5.1 < 5.1.63 Multiple VulnerabilitiesNessus Network MonitorDatabase
high
6515Oracle MySQL Server 5.5 < 5.5.24 Multiple Unspecified VulnerabilitiesNessus Network MonitorDatabase
high
59774Debian DSA-2496-1 : mysql-5.1 - several vulnerabilitiesNessusDebian Local Security Checks
medium
59720Fedora 16 : mysql-5.5.24-1.fc16 (2012-9324)NessusFedora Local Security Checks
medium
59546Fedora 17 : mysql-5.5.24-1.fc17 (2012-9308)NessusFedora Local Security Checks
medium
59452Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1467-1)NessusUbuntu Local Security Checks
medium
59449MySQL 5.5 < 5.5.24 Security Bypass VulnerabilityNessusDatabases
medium
59448MySQL 5.1 < 5.1.63 Multiple VulnerabilitiesNessusDatabases
medium