CVE-2016-2047
Published on: 01/27/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:15 PM UTC
Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
- CVE-2016-2047 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.9 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| NETWORK | HIGH | NONE | NONE | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| UNCHANGED | NONE | HIGH | NONE |
CVSS2 Score: 4.3 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| NONE | PARTIAL | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| [security-announce] SUSE-SU-2016:1619-1: important: Security update for | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1619 |
| Oracle.com Outage | Patch Vendor Advisory www.oracle.com text/html Inactive LinkNot Archived |
CONFIRM www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html |
| MariaDB/MySQL/Percona Server CVE-2016-2047 SSL Certificate Validation Security Bypass Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 81810 |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:0705 |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:1481 |
| USN-2954-1: MySQL vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-2954-1 |
| MariaDB 5.5.47 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
CONFIRM mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ |
| Debian -- Security Information -- DSA-3557-1 mysql-5.5 | Third Party Advisory www.debian.org Depreciated Link text/html |
DEBIAN DSA-3557 |
| [security-announce] openSUSE-SU-2016:1664-1: important: Security update | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:1664 |
| [security-announce] SUSE-SU-2016:1279-1: important: Security update for | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1279 |
| [security-announce] SUSE-SU-2016:1620-1: important: Security update for | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1620 |
| [security-announce] openSUSE-SU-2016:1686-1: important: Security update | Third Party Advisory lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:1686 |
| Oracle Linux Bulletin - April 2016 | Third Party Advisory www.oracle.com text/html |
CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html |
| Debian -- Security Information -- DSA-3453-1 mariadb-10.0 | Third Party Advisory www.debian.org Depreciated Link text/html |
DEBIAN DSA-3453 |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:0534 |
| MySQL Multiple Bugs Let Remote Users Access and Modify Data and Deny Service and Let Remote and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
SECTRACK 1035606 |
| USN-2953-1: MySQL vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-2953-1 |
| MariaDB 10.0.23 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
CONFIRM mariadb.com/kb/en/mdb-10023-rn/ |
| Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html |
REDHAT RHSA-2016:1132 |
| [MDEV-9212] ssl-validate-cert incorrect hostname check - JIRA | Vendor Advisory mariadb.atlassian.net text/html |
CONFIRM mariadb.atlassian.net/browse/MDEV-9212 |
| oss-security - Flaw in mariadb clients SSL certificate validation | Mailing List Third Party Advisory www.openwall.com text/html |
MLIST [oss-security] 20160126 Flaw in mariadb clients SSL certificate validation |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:1480 |
| MariaDB 10.1.10 Release Notes - MariaDB Knowledge Base | Vendor Advisory mariadb.com text/html |
CONFIRM mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ |
| [security-announce] openSUSE-SU-2016:1332-1: important: Security update | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:1332 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Mariadb | Mariadb | All | All | All | All |
| Application | Mariadb | Mariadb | All | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*:
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE