← volver
CVE-2012-2122

CVE-2012-2122

EPSS 96.2%
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 96.2%KEV nãoPoC públicaNuclei simMetasploit simPatch referenciado
Ciclo de vida
09 jun 2012Exploit Metasploit disponible
12 jun 2012PoC pública
26 jun 2012Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Productos afectados
n/a · n/a
PoCs públicas encontradas6
githubgithub.com/Avinza/CVE-2012-2122-scanner1githubgithub.com/cyberharsh/Oracle-mysql-CVE-2012-21221githubgithub.com/zhangkaibin0921/CVE-2012-21220githubgithub.com/netw0rk7/CVE-2012-2122-Home-Lab0cve_referencewww.exploit-db.com/exploits/19092no verificadoexploitdbwww.exploit-db.com/exploits/19092no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://bugs.mysql.com/bug.php?id=64884http://kb.askmonty.org/en/mariadb-5162-release-notes/http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.htmlhttps://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysqlhttp://seclists.org/oss-sec/2012/q2/493http://secunia.com/advisories/49417http://secunia.com/advisories/53372http://security.gentoo.org/glsa/glsa-201308-06.xmlhttp://securitytracker.com/id?1027143http://www.exploit-db.com/exploits/19092http://www.securityfocus.com/bid/53911