CVE-2015-3152
MEDIUM severity · CVSS 5.9 · CWE-295
5.9CVSS MEDIUM
Summary
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)40%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.htmlAdvisory
- http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/Advisory
- http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2015-1646.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2015-1647.htmlAdvisory
- http://rhn.redhat.com/errata/RHSA-2015-1665.htmlAdvisory
- http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/Advisory