Bug 766428

Summary: mysql-cluster-7.1.21 seems to be vulnerable: CVE-2012-2122
Product: [openSUSE] openSUSE 12.1
Reporter: Johannes Weberhofer <jweberhofer>
Component: Security
Assignee: Michal Hrusecky <mhrusecky>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Critical
Priority: P5 - None
CC: security-team, suse-beta
Version: Final
Target Milestone: ---
Hardware: x86-64
OS: openSUSE 12.1
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Johannes Weberhofer 2012-06-11 15:48:42 UTC
User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0

Check the bug on http://seclists.org/oss-sec/2012/q2/493

Reproducible: Always

Steps to Reproduce:
for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Actual Results:  
You get a mysql-root-shell
Comment 1 Christian Boltz 2012-06-11 16:34:21 UTC
I can also reproduce this with mysql-community-server on 12.2 Factory.
Comment 2 Christian Boltz 2012-06-11 16:53:44 UTC
Also reproducible on 11.3 (which implies 11.4 also shares this issue). 11.2 (Evergreen) might also share this issue (guess based on the mysql version number) - I'll send a mail to the evergreen list.

On the positive side, 11.1 is not affected.
Comment 3 Ludwig Nussel 2012-06-12 07:25:38 UTC
already tracked in bug 765092

*** This bug has been marked as a duplicate of bug 765092 ***