[debian-mysql] Bug#677018: mysql-5.1: CVE-2012-2122: MySQL authentication bypass
Henri Salo
henri at nerv.fi
Mon Jun 11 08:04:33 UTC 2012
Package: mysql-5.1
Version: 5.1.61-0+squeeze1
Severity: important
Tags: security
http://seclists.org/oss-sec/2012/q2/493
https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
I haven't verified this as I do not have time at the moment.
References from the email:
References:
MariaDB bug report: https://mariadb.atlassian.net/browse/MDEV-212
MariaDB fix: http://bazaar.launchpad.net/~maria-captains/maria/5.1/revision/3144
MySQL bug report: http://bugs.mysql.com/bug.php?id=64884
MySQL fix: http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3560.10.17
MySQL changelog: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the pkg-mysql-maint
mailing list