Name | CVE-2012-2122 |
Description | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-2496-1 |
Debian Bugs | 677018 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
mysql-5.1 | source | squeeze | 5.1.63-0+squeeze1 | | DSA-2496-1 | |
mysql-5.1 | source | (unstable) | (unfixed) | | | 677018 |
mysql-5.5 | source | (unstable) | 5.5.24+dfsg-1 | | | |
https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
http://seclists.org/oss-sec/2012/q2/493
The issue is only triggered when a specific optimisation in glibc is enabled; no builds in Debian are known to be affected.
Fixed versions indicate application of the upstream patch, which prevents the issue regardless of optimisation settings.