Lucene search
AmazonALAS-2012-093HistoryJul 05, 2012 - 4:07 p.m.
Important: mysql55
2012-07-0516:07:00
alas.aws.amazon.com
26
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.968 High
EPSS
Percentile
99.7%
Issue Overview:
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Affected Packages:
mysql55
Issue Correction:
Run yum update mysql55 to update your system.
New Packages:
i686:
mysql55-embedded-devel-5.5.24-1.24.amzn1.i686
mysql55-debuginfo-5.5.24-1.24.amzn1.i686
mysql55-server-5.5.24-1.24.amzn1.i686
mysql55-common-5.5.24-1.24.amzn1.i686
mysql55-test-5.5.24-1.24.amzn1.i686
mysql55-embedded-5.5.24-1.24.amzn1.i686
mysql55-bench-5.5.24-1.24.amzn1.i686
mysql55-libs-5.5.24-1.24.amzn1.i686
mysql55-5.5.24-1.24.amzn1.i686
mysql55-devel-5.5.24-1.24.amzn1.i686
src:
mysql55-5.5.24-1.24.amzn1.src
x86_64:
mysql55-libs-5.5.24-1.24.amzn1.x86_64
mysql55-test-5.5.24-1.24.amzn1.x86_64
mysql55-embedded-devel-5.5.24-1.24.amzn1.x86_64
mysql55-debuginfo-5.5.24-1.24.amzn1.x86_64
mysql55-bench-5.5.24-1.24.amzn1.x86_64
mysql55-common-5.5.24-1.24.amzn1.x86_64
mysql55-5.5.24-1.24.amzn1.x86_64
mysql55-devel-5.5.24-1.24.amzn1.x86_64
mysql55-server-5.5.24-1.24.amzn1.x86_64
mysql55-embedded-5.5.24-1.24.amzn1.x86_64
Additional References
Red Hat: CVE-2012-2122
Mitre: CVE-2012-2122
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | mysql55-embedded-devel | < 5.5.24-1.24.amzn1 | mysql55-embedded-devel-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-debuginfo | < 5.5.24-1.24.amzn1 | mysql55-debuginfo-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-server | < 5.5.24-1.24.amzn1 | mysql55-server-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-common | < 5.5.24-1.24.amzn1 | mysql55-common-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-test | < 5.5.24-1.24.amzn1 | mysql55-test-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-embedded | < 5.5.24-1.24.amzn1 | mysql55-embedded-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-bench | < 5.5.24-1.24.amzn1 | mysql55-bench-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-libs | < 5.5.24-1.24.amzn1 | mysql55-libs-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55 | < 5.5.24-1.24.amzn1 | mysql55-5.5.24-1.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | mysql55-devel | < 5.5.24-1.24.amzn1 | mysql55-devel-5.5.24-1.24.amzn1.i686.rpm |
Related
canvas
canvas
Immunity Canvas: MYSQL_LOGIN_REMOTE
2012-06-26 18:55:00
securityvulns
securityvulns
[USN-1467-1] MySQL vulnerabilities
2012-06-12 00:00:00
MySQL authentication vulnerability
2012-06-12 00:00:00
openvas
openvas
openSUSE: Security Advisory for mysql (openSUSE-SU-2012:0860-1)
2012-12-13 00:00:00
Fedora Update for mysql FEDORA-2012-9308
2012-08-30 00:00:00
SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql)
2012-12-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-2122
2012-06-11 00:00:00
nessus
nessus
openSUSE Security Update : mysql-cluster (openSUSE-SU-2012:0860-1)
2014-06-13 00:00:00
Fedora 16 : mysql-5.5.24-1.fc16 (2012-9324)
2012-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: mysql-5.5.24-1.fc17
2012-06-17 22:24:29
[SECURITY] Fedora 16 Update: mysql-5.5.24-1.fc16
2012-06-26 21:30:56
[SECURITY] Fedora 17 Update: mysql-5.5.28-2.fc17
2012-12-15 18:00:29
packetstorm
packetstorm
Kartoo Search Engine XSS / Remote File Inclusion
2013-11-19 00:00:00
MySQL Remote Root Authentication Bypass
2012-06-12 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2012-06-11 00:00:00
cve
cve
CVE-2012-2122
2012-06-26 18:55:00
checkpoint_advisories
checkpoint_advisories
MySQL and MariaDB Incorrect Cast Policy Bypass - Ver2 (CVE-2012-2122)
2015-03-26 00:00:00
prion
prion
Authentication flaw
2012-06-26 18:55:00
osv
osv
mysql-5.1 - several
2012-06-18 00:00:00
suse
suse
mysql (CVE-2012-2122) (important)
2012-07-11 11:08:34
Security update for MySQL (important)
2012-08-13 19:08:39
seebug
seebug
MariaDB/MySQL 概率性任意密码(身份认证)登录漏洞(CVE-2012-2122)
2012-06-11 00:00:00
f5
f5
K14428 : MySQL vulnerability CVE-2012-2122
2013-09-23 00:00:00
SOL14428 - MySQL vulnerability CVE-2012-2122
2013-05-23 00:00:00
metasploit
metasploit
MySQL Authentication Bypass Password Dump
2012-06-17 11:19:53
thn
thn
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability
2012-06-11 07:29:00
threatpost
threatpost
Trivial Password Flaw Leaves MySQL Databases Exposed
2012-06-11 14:03:23
veracode
veracode
Privilege Escalation
2021-08-28 21:30:09
exploitdb
exploitdb
HackBack - A DIY Guide
2016-04-17 00:00:00
nmap
nmap
mysql-vuln-cve2012-2122 NSE Script
2012-06-13 06:12:13
oraclelinux
oraclelinux
mysql security update
2013-01-22 00:00:00
centos
centos
mysql security update
2013-01-22 21:34:28
mysql security update
2012-11-15 03:44:02
redhat
redhat
(RHSA-2013:0180) Important: mysql security update
2013-01-22 00:00:00
(RHSA-2012:1462) Important: mysql security update
2012-11-14 00:00:00
debian
debian
[SECURITY] [DSA 2496-1] mysql-5.1 security update
2012-06-18 20:37:59
kitploit
kitploit
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2013-08-29 00:00:00
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.968 High
EPSS
Percentile
99.7%
Related for ALAS-2012-093