Описание
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mysql55-mysql | Will not fix | ||
| Red Hat Enterprise Linux 6 | mysql | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | mariadb-galera | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | mariadb-galera | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | mariadb-galera | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | mariadb-galera | Will not fix | ||
| Red Hat Software Collections | rh-mariadb101-mariadb | Not affected | ||
| Red Hat Enterprise Linux 7 | mariadb | Fixed | RHSA-2016:0534 | 31.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-mysql56-mysql | Fixed | RHSA-2016:0705 | 02.05.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-mariadb100-mariadb | Fixed | RHSA-2016:1132 | 26.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.9 Medium
CVSS2
Связанные уязвимости
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
EPSS
4.9 Medium
CVSS2