|Description||sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||medium (attack range: remote)|
|Debian/testing||not known to be vulnerable.|
Vulnerable and fixed packages
The table below lists information on source packages.
|mysql-5.1 (PTS)||squeeze, squeeze (security)||5.1.73-1||fixed|
|mysql-5.5 (PTS)||wheezy (security), wheezy||5.5.44-0+deb7u1||fixed|
|mysql-5.5 (PTS)||sid, jessie (security), jessie||5.5.44-0+deb8u1||fixed|
The information below is based on the following data on fixed versions.
The issue is only triggered when a specific optimisation in glibc is enabled; no builds in Debian are known to be affected.
Fixed versions indicate application of the upstream patch, which prevents the issue regardless of optimisation settings.