Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-2122

Опубликовано: 26 июн. 2012
Источник: nvd
CVSS2: 5.1
EPSS Критический

Описание

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:*
Конфигурация 7

Одно из

cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.94033
Критический

5.1 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2012-2122

ubuntu
почти 13 лет назад

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

redhat логотип

CVE-2012-2122

redhat
около 13 лет назад

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

debian логотип

CVE-2012-2122

debian
почти 13 лет назад

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.2 ...

github логотип

GHSA-4qx9-mwf7-7cx8

github
около 3 лет назад

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

EPSS

Процентиль: 100%
0.94033
Критический

5.1 Medium

CVSS2

Дефекты

CWE-287