Is RHEL affected by CVE-2012-2122, a MySQL authentication bypass vulnerability?
Issue
- Our Computer Security Team is asking if http://seclists.org/oss-sec/2012/q2/493 (https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql) is affecting the MySQL package in Red Hat Enterprise Linux versions 4 ELS, 5 and 6.
- "Security vulnerability in MySQL/MariaDB sql/password.c"
- "Massive MYSQL Authentication Bypass Exploit « Dave (ReL1K) Kennedy's Security Haven"
- "CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL"
Environment
- Red Hat Enterprise Linux (RHEL) 6
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 4 Extended Lifecycle Support (ELS)