U-188: MySQL User Login Security Bypass and Unspecified Vulnerability

June 12, 2012 - 7:00am

PROBLEM:

A security issue and a vulnerability have been reported in MySQL.

PLATFORM:

MySQL 5.x

ABSTRACT:

An error when verifying authentication attempts can be exploited to bypass the authentication mechanism.

REFERENCE LINKS:

Original Advisory
CVE-2012-2122
Secunia Advisory 49409

IMPACT ASSESSMENT:

High

Discussion:

Successful exploitation of this vulnerability requires MySQL to be built on a system with a library that allows "memcmp()" to return a value outside of the -128 through 127 range (e.g., an SSE-optimized glibc). NOTE: Vendor binaries are reportedly not affected.
The security issue is reported in versions prior to 5.1.63 and 5.5.25.
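
The -128 through 127 condition above is the range of an 8-bit signed value. The following added example (not MySQL's code and not part of the original advisory) assumes the comparison result is narrowed to such a type, and shows the weak form beside a corrected one; `wide_compare`, the other function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: a stored value and a non-matching candidate. */
static const unsigned char SAMPLE_STORED[4] = {0x10, 0x20, 0x30, 0x40};
static const unsigned char SAMPLE_WRONG[4]  = {0x10, 0x21, 0x30, 0x40};

/* Hypothetical stand-in for an optimized memcmp(): the C standard only
 * promises <0, 0 or >0, so a mismatch may come back as any nonzero int.
 * Here it is a multiple of 256, i.e. outside the -128..127 range. */
static int wide_compare(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return ((int)a[i] - (int)b[i]) * 256;
    return 0;
}

/* Weak form (assumed pattern): the int result is narrowed to an 8-bit
 * boolean. Common compilers keep the low 8 bits, so -256 becomes 0 and
 * the mismatch is reported as "no difference". */
static signed char differs_narrowed(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (signed char)wide_compare(a, b, n);
}

/* Corrected form: reduce to 0/1 before the value is ever narrowed. */
static signed char differs_checked(const unsigned char *a, const unsigned char *b, size_t n)
{
    return (signed char)(wide_compare(a, b, n) != 0);
}

int main(void)
{
    printf("raw=%d narrowed=%d checked=%d\n",
           wide_compare(SAMPLE_STORED, SAMPLE_WRONG, 4),
           differs_narrowed(SAMPLE_STORED, SAMPLE_WRONG, 4),
           differs_checked(SAMPLE_STORED, SAMPLE_WRONG, 4));
    return 0;
}
```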

Impact:

Security Bypass

Solution:

Update to version 5.1.63 or 5.5.25.