MySQL memcmp() Comparison Error Vulnerability

Last Update Date: 13 Jun 2012 15:08 Release Date: 13 Jun 2012 5348 Views

RISK: High Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

A vulnerability has been identified in MySQL. A remote user can bypass authentication.

A remote user can trigger a flaw in comparing authentication data to bypass authentication.

Versions compiled with a memcmp() function that can return an arbitrary integer (outside of -128 .. 127 range) are affected.

Impact

Security Restriction Bypass

System / Technologies affected

MySQL 5.1.61, 5.2.11, 5.3.5, 5.5.22 and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

The vendor has issued a fix (5.1.63, 5.5.24, 5.6.6).
http://bugs.mysql.com/bug.php?id=64884

Vulnerability Identifier

CVE-2012-2122

Source

SecurityTracker

Related Link

http://securitytracker.com/id/1027143

Share with

Apple iTunes Multiple Vulnerabilities

13 Jun 2012 4927 Views

Adobe ColdFusion Component Browser Vulnerability

13 Jun 2012 5012 Views