Korean
<< Back
VID 25120
Severity 30
Port 3306
Protocol TCP
Class DB
Detailed Description The version of MySQL 5.5 installed on the remote host is earlier than 5.5.24.
A flaw in the MySQL server allows remote users to authenticate without a valid password due to a failure when casting a randomly generated token and comparing it to an expected value.

* Note: This check solely relied on the banner of the remote MySQL server to assess this vulnerability, so this might be a false positive.

* References:
http://seclists.org/oss-sec/2012/q2/493
http://bugs.mysql.com/bug.php?id=64884

* Platforms Affected:
MySQL versions 5.5.x prior to 5.5.24
Any operating system Any version
Recommendation Upgrade to the latest version of MySQL (5.5.24 or later), available from the MySQL Web site at http://www.mysql.com/
Related URL CVE-2012-2122 (CVE)
Related URL 53911 (SecurityFocus)
Related URL (ISS)