Skip to main content

MySQL memcmp() Comparison Error Vulnerability

Last Update Date: 13 Jun 2012 15:08 Release Date: 13 Jun 2012 5348 Views

RISK: High Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

A vulnerability has been identified in MySQL. A remote user can bypass authentication.

 

A remote user can trigger a flaw in comparing authentication data to bypass authentication.

 

Versions compiled with a memcmp() function that can return an arbitrary integer (outside of -128 .. 127 range) are affected.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • MySQL 5.1.61, 5.2.11, 5.3.5, 5.5.22 and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 


Vulnerability Identifier


Source


Related Link