CVE-2016-2047 — MEDIUM (5.9)

Q: How severe is CVE-2016-2047?

CVE-2016-2047 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2047?

Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb, Oracle Linux, Oracle Mysql, Opensuse Leap, Redhat Enterprise Linux.

Vulnerability Description

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mariadb	Mariadb	>= 5.5.20, < 5.5.47
Oracle	Linux	7
Oracle	Mysql	>= 5.5.0, <= 5.5.48
Opensuse	Leap	42.1
Redhat	Enterprise Linux	6.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-254

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0534.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0705.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1480.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1481.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3453Third Party Advisory
http://www.debian.org/security/2016/dsa-3557Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/26/3Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatchVendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hThird Party Advisory

FAQ

What is CVE-2016-2047?

CVE-2016-2047 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 a...

How severe is CVE-2016-2047?

CVE-2016-2047 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2047?

Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb, Oracle Linux, Oracle Mysql, Opensuse Leap, Redhat Enterprise Linux.