| Title | Oracle MySQL および MariaDB の sql/password.c における認証を回避される脆弱性 |
|---|---|
| Summary | Oracle MySQL および MariaDB の sql/password.c は、memcmp 関数の特定の実装を含む特定の環境で稼働する場合、認証を回避される脆弱性が存在します。 |
| Possible impacts | 第三者により、戻り値の不適切なチェック (improperly-checked) により最終的にトークンの比較が成功するため、同じ不正なパスワードで繰り返し認証されることで、認証を回避される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | June 26, 2012, midnight |
| Registration Date | June 28, 2012, 4:39 p.m. |
| Last Update | Oct. 22, 2012, 2:34 p.m. |
| CVSS2.0 : 警告 | |
| Score | 5.1 |
|---|---|
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| オラクル |
| MySQL 5.1.63 未満の 5.1.x |
| MySQL 5.5.24 未満の 5.5.x |
| MySQL 5.6.6 未満の 5.6.x |
| MariaDB Corporation Ab. |
| MariaDB 5.1.62 未満の 5.1.x |
| MariaDB 5.2.12 未満の 5.2.x |
| MariaDB 5.3.6 未満の 5.3.x |
| MariaDB 5.5.23 未満の 5.5.x |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年06月28日] 掲載 [2012年10月22日] ベンダ情報:openSUSE (SUSE-SU-2012:0984) を追加 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. |
|---|---|
| Publication Date | June 27, 2012, 3:55 a.m. |
| Registration Date | Jan. 28, 2021, 2:57 p.m. |
| Last Update | Nov. 21, 2024, 10:38 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:mysql:5.1.52:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.59:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.51:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.60:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.52:sp1:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.54:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.53:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.61:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.55:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.57:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.58:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.1.56:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:mariadb:mariadb:5.1.49:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.47:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.51:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.61:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.50:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.53:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.44:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.55:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.41:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.1.60:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:mariadb:mariadb:5.2.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.2.2:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.3.3:*:*:*:*:*:*:* | |||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:a:mariadb:mariadb:5.5.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.5.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:mariadb:mariadb:5.5.21:*:*:*:*:*:*:* | |||||