LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mysql: authentication bypass

Package(s):mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 CVE #(s):CVE-2012-2122
Created:June 12, 2012 Updated:August 13, 2012
Description: From the Ubuntu advisory:

It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection.

Alerts:
Ubuntu USN-1467-1 2012-06-11
Fedora FEDORA-2012-9308 2012-06-17
Debian DSA-2496-1 2012-06-18
Fedora FEDORA-2012-9324 2012-06-26
openSUSE openSUSE-SU-2012:0860-1 2012-07-11
SUSE SUSE-SU-2012:0984-1 2012-08-13
Red Hat RHSA-2013:0180-01 2013-01-22
CentOS CESA-2013:0180 2013-01-22
Oracle ELSA-2013-0180 2013-01-22
Scientific Linux SL-mysq-20130123 2013-01-23
Mandriva MDVSA-2013:008 2013-02-06
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds