#VU46 Spoofing attack in Oracle Linux - CVE-2016-2047

Cybersecurity Help s.r.o.

Published: 2016-06-28 | Updated: 2018-11-22

Vulnerability identifier: #VU46

Vulnerability risk: Low

CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2016-2047

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Linux
Operating systems & Components / Operating system

Vendor: Oracle

Description

The vulnerability allows a remote attacker to gain to perform a MitM attack.

The vulnerability exists due to improper validation of server hostname in Common Name (CN) or subjectAltName field of X.509 certificate in ssl_verify_server_cert() function in sql-common/client.c. A remote attacker can create a specially crafted certificate and spoof SSL server via multiple CN strings within one filed, e.g. "/OU=/CN=bar.com/CN=foo.com".

Successful exploitation of this vulnerability may allow an attacker to perform Man-in-the-Middle (MitM) attack and intercept SSL traffic and perform spoofing attack.

Mitigation
Install the latest version MySQL 5.5.50, 5.6.31 or 5.7.13.

Vulnerable software versions

Oracle Linux: 7

External links
https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Spoofing attack in MySQL