The ssl_verify_server_cert function in sql-common/client.c in MariaDB prior to 5.5.47, 10.0.x prior to 10.0.23, and 10.1.x prior to 10.1.10; Oracle MySQL 5.5.48 and previous versions, 5.6.29 and previous versions, and 5.7.11 and previous versions; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
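The flawed check and a corrected form, as an added C illustration that is not MariaDB's, MySQL's or Percona's own code: the subject name is modelled with a flattened string and a small attribute array standing in for the OpenSSL X509_NAME API, and the crafted subject is the one quoted in the description above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Vulnerable pattern (modelled on the check described above): the subject is
 * flattened into one string, as X509_NAME_oneline() renders it, and the host
 * is taken from the first "/CN=" substring. An earlier attribute whose value
 * contains "/CN=" is mistaken for the real Common Name. */
static int vulnerable_cn_matches(const char *subject_oneline,
                                 const char *server_hostname)
{
    char buf[256], *cn, *end;
    snprintf(buf, sizeof buf, "%s", subject_oneline);
    if (!(cn = strstr(buf, "/CN=")))
        return 0;
    cn += 4;                      /* skip "/CN=" */
    if ((end = strchr(cn, '/')))  /* cut at what looks like the next field */
        *end = '\0';
    return strcasecmp(cn, server_hostname) == 0;
}

/* Hardened pattern: compare the CN as a parsed attribute value, never as a
 * substring of a rendered string. The attribute array stands in for X509_NAME
 * entries; real clients should let OpenSSL do this via X509_check_host(),
 * which also covers subjectAltName. */
struct name_attr { const char *type; const char *value; };

static int hardened_cn_matches(const struct name_attr *attrs, size_t n,
                               const char *server_hostname)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(attrs[i].type, "CN") == 0)
            return strcasecmp(attrs[i].value, server_hostname) == 0;
    return 0;  /* no CN present: fail closed */
}

/* Constructed subject from the description: OU = "/CN=bar.com", CN = foo.com */
static const struct name_attr crafted[] = { { "OU", "/CN=bar.com" },
                                            { "CN", "foo.com" } };
static const char crafted_oneline[] = "/OU=/CN=bar.com/CN=foo.com";

int main(void)
{
    printf("vulnerable check accepts bar.com: %d\n",
           vulnerable_cn_matches(crafted_oneline, "bar.com"));  /* 1 */
    printf("hardened check accepts bar.com:   %d\n",
           hardened_cn_matches(crafted, 2, "bar.com"));          /* 0 */
    return 0;
}
```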
Vulnerable Product |
---|
mariadb mariadb |
oracle linux 7 |
oracle mysql |
opensuse leap 42.1 |
redhat enterprise linux 7.0 |
redhat enterprise linux 6.0 |
debian debian linux 8.0 |
debian debian linux 9.0 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |