CVE-2016-2047
Last modified
CVE-2016-2047 is a vulnerability of currently unknown severity. The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com.". EPSS estimates a 3.77% chance of exploitation in the next 30 days.
Description
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mariadb | Mariadb | >= 5.5.20, < 5.5.47 |
| Mariadb | Mariadb | >= 10.0.0, < 10.0.23 |
| Mariadb | Mariadb | >= 10.1.0, < 10.1.10 |
| Oracle | Linux | 7 |
| Oracle | Mysql | >= 5.5.0, <= 5.5.48 |
| Oracle | Mysql | >= 5.6.0, <= 5.6.29 |
| Oracle | Mysql | >= 5.7.0, <= 5.7.11 |
| Opensuse | Leap | 42.1 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 15.10 |
| Canonical | Ubuntu Linux | 16.04 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
- http://www.debian.org/security/2016/dsa-3453Third Party Advisory
- http://www.debian.org/security/2016/dsa-3557Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/01/26/3Mailing List, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/81810Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035606Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2953-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2954-1Third Party Advisory
- https://access.redhat.com/errata/RHSA-2016:1132Third Party Advisory
- https://mariadb.atlassian.net/browse/MDEV-9212Vendor Advisory
- https://mariadb.com/kb/en/mdb-10023-rn/Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
- http://www.debian.org/security/2016/dsa-3453Third Party Advisory
- http://www.debian.org/security/2016/dsa-3557Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/01/26/3Mailing List, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/81810Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035606Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2953-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2954-1Third Party Advisory
- https://access.redhat.com/errata/RHSA-2016:1132Third Party Advisory
- https://mariadb.atlassian.net/browse/MDEV-9212Vendor Advisory
- https://mariadb.com/kb/en/mdb-10023-rn/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2047?
How severe is CVE-2016-2047?
How do I fix CVE-2016-2047?
Are you affected by CVE-2016-2047?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST