CVE-2016-2047

MEDIUM

Description

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html

http://rhn.redhat.com/errata/RHSA-2016-0534.html

http://rhn.redhat.com/errata/RHSA-2016-0705.html

http://rhn.redhat.com/errata/RHSA-2016-1480.html

http://rhn.redhat.com/errata/RHSA-2016-1481.html

http://www.debian.org/security/2016/dsa-3453

http://www.debian.org/security/2016/dsa-3557

http://www.openwall.com/lists/oss-security/2016/01/26/3

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/81810

http://www.securitytracker.com/id/1035606

http://www.ubuntu.com/usn/USN-2953-1

http://www.ubuntu.com/usn/USN-2954-1

https://access.redhat.com/errata/RHSA-2016:1132

https://mariadb.atlassian.net/browse/MDEV-9212

https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/

https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/

https://mariadb.com/kb/en/mdb-10023-rn/

Details

Source: MITRE

Published: 2016-01-27

Updated: 2019-12-27

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
111709F5 Networks BIG-IP : MySQL vulnerability (K53729441)NessusF5 Networks Local Security Checks
medium
99774EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2016-1011)NessusHuawei Local Security Checks
medium
9615Oracle MySQL 5.7.x < 5.7.12 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
9611Oracle MySQL 5.6.x < 5.6.30 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
9607Oracle MySQL 5.5.x < 5.5.49 X.509 Certificate Security BypassNessus Network MonitorDatabase
medium
93159SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1620-1)NessusSuSE Local Security Checks
high
93158SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2016:1619-1)NessusSuSE Local Security Checks
high
93016Amazon Linux AMI : mysql55 (ALAS-2016-738)NessusAmazon Linux Local Security Checks
high
92116Fedora 23 : community-mysql (2016-7c48036d73)NessusFedora Local Security Checks
critical
92063Fedora 22 : community-mysql (2016-1aaf308de4)NessusFedora Local Security Checks
critical
91871openSUSE Security Update : mariadb (openSUSE-2016-780)NessusSuSE Local Security Checks
high
91794openSUSE Security Update : mariadb (openSUSE-2016-761)NessusSuSE Local Security Checks
high
91277openSUSE Security Update : mysql-community-server (openSUSE-2016-607)NessusSuSE Local Security Checks
critical
91239Amazon Linux AMI : mysql56 (ALAS-2016-701)NessusAmazon Linux Local Security Checks
critical
91121SUSE SLES11 Security Update : mysql (SUSE-SU-2016:1279-1)NessusSuSE Local Security Checks
medium
90847FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
90834Oracle MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (RPM Check) (April 2016 CPU) (July 2016 CPU) (October 2017 CPU) (DROWN)NessusDatabases
critical
90832Oracle MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU) (DROWN)NessusDatabases
critical
90830Oracle MySQL 5.5.x < 5.5.49 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)NessusDatabases
medium
90804Debian DLA-447-1 : mysql-5.5 security updateNessusDebian Local Security Checks
medium
90760Ubuntu 16.04 LTS : mysql-5.7 vulnerabilities (USN-2954-1)NessusUbuntu Local Security Checks
critical
90724Debian DSA-3557-1 : mysql-5.5 - security updateNessusDebian Local Security Checks
medium
90684MySQL 5.7.x < 5.7.12 Multiple Vulnerabilities (DROWN)NessusDatabases
critical
90683MySQL 5.6.x < 5.6.30 Multiple Vulnerabilities (DROWN)NessusDatabases
critical
90682MySQL 5.5.x < 5.5.49 Multiple VulnerabilitiesNessusDatabases
medium
90678Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2953-1)NessusUbuntu Local Security Checks
critical
90345Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160404)NessusScientific Linux Local Security Checks
high
90300RHEL 7 : mariadb (RHSA-2016:0534)NessusRed Hat Local Security Checks
high
90296Oracle Linux 7 : mariadb (ELSA-2016-0534)NessusOracle Linux Local Security Checks
high
90276CentOS 7 : mariadb (CESA-2016:0534)NessusCentOS Local Security Checks
high
88389Debian DSA-3453-1 : mariadb-10.0 - security updateNessusDebian Local Security Checks
high
87727MariaDB 5.5 < 5.5.47 Multiple VulnerabilitiesNessusDatabases
high
87726MariaDB 10.1.x < 10.1.10 Multiple VulnerabilitiesNessusDatabases
high
87725MariaDB 10.0.x < 10.0.23 Multiple VulnerabilitiesNessusDatabases
high