CVE-2012-2122 - Self sown Bells
Description
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
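The improperly-checked return value described above, shown as an added example that is not code from MySQL, MariaDB or this page: a comparison result is narrowed to a one-byte type, so a non-zero difference can read as "match", next to a hardened form. The names bool8, wide_cmp, token_mismatch_flawed and token_mismatch_fixed are hypothetical, wide_cmp is a constructed stand-in for a memcmp whose result is not limited to -128..127, and the tokens are constructed sample bytes.

```c
#include <stddef.h>
#include <stdio.h>

typedef char bool8; /* hypothetical one-byte boolean return type */

/* Constructed stand-in for an optimized memcmp: compares 16-bit big-endian
 * words and returns their difference. The C standard only fixes the SIGN of
 * memcmp's result, so a value such as 256 is legal. Assumes n is even. */
static int wide_cmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    return 0;
}

/* Flawed: 0 means "tokens match", but the int is narrowed to one byte.
 * On common compilers the value wraps, so any multiple of 256 becomes 0. */
static bool8 token_mismatch_flawed(const unsigned char *want,
                                   const unsigned char *got, size_t n)
{
    return (bool8)wide_cmp(want, got, n);
}

/* Hardened: collapse the result to 0 or 1 before it is narrowed. */
static bool8 token_mismatch_fixed(const unsigned char *want,
                                  const unsigned char *got, size_t n)
{
    return wide_cmp(want, got, n) != 0;
}

/* Constructed sample tokens, not real password hashes. */
static const unsigned char TOKEN_WANT[4]    = {0xAB, 0xCD, 0x12, 0x34};
static const unsigned char TOKEN_WRONG_A[4] = {0xAA, 0xCD, 0x12, 0x34}; /* differs by 0x0100 */
static const unsigned char TOKEN_WRONG_B[4] = {0xAB, 0xCC, 0x12, 0x34}; /* differs by 0x0001 */

int main(void)
{
    printf("wrong A: flawed=%d fixed=%d\n",
           token_mismatch_flawed(TOKEN_WANT, TOKEN_WRONG_A, 4),
           token_mismatch_fixed(TOKEN_WANT, TOKEN_WRONG_A, 4));
    printf("wrong B: flawed=%d fixed=%d\n",
           token_mismatch_flawed(TOKEN_WANT, TOKEN_WRONG_B, 4),
           token_mismatch_fixed(TOKEN_WANT, TOKEN_WRONG_B, 4));
    return 0;
}
```

Only differences that are a multiple of 256 slip through the flawed check, which is why the description speaks of a comparison that "eventually" succeeds; the same applies to any code that stores a memcmp result in a type narrower than int.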
Reference
http://seclists.org/oss-sec/2012/q2/493
http://securitytracker.com/id?1027143
http://kb.askmonty.org/en/mariadb-5162-release-notes/
http://bugs.mysql.com/bug.php?id=64884
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
http://secunia.com/advisories/49417
http://www.securityfocus.com/bid/53911
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html
http://www.exploit-db.com/exploits/19092
http://security.gentoo.org/glsa/glsa-201308-06.xml
http://secunia.com/advisories/53372
Exploit
Usage: php scanner.php 10.0.0.1/18 [block in cidr notation]
Requirements: php5-cli