From $URL : Noticed another post by kingcope on full-disclosure, which basically boils down to re-use of a salt-value when transmitting passwords over a network. If you could MITM/capture network packets, you could use this weakness to determine the passwords. References: http://seclists.org/fulldisclosure/2012/Dec/58 https://bugzilla.redhat.com/show_bug.cgi?id=883719 New bug because bug 434874 has ebuild status and this should be upstream.
Upstream has released and fixed versions are in portage ( 5.5.29, 5.3.12, 5.2.14 )
@mysql team: the 5.1 series seems to be affected ( https://mariadb.atlassian.net/browse/MDEV-3915 ) but 5.1.67 does not contain a fix. Please clean the vulnerable versions.
As I said, the 5.1 series is not fixed. This version is now masked in the tree. The rest of the cleanup is done. Closing as noglsa.
CVE-2012-5627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627): Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
