MySQL CVE-2017-3305 Man in the Middle Security Bypass Vulnerability

MySQL is prone to a security-bypass vulnerability.

Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.

MySQL versions 5.5.49 and 5.6.30 are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97023
Class: Design Error
CVE: CVE-2017-3305

Remote: Yes
Local: No
Published: Mar 13 2017 12:00AM
Updated: Apr 19 2017 03:04PM
Credit: Pali Rohár
Vulnerable: Redhat Collections for Red Hat Enterprise Linux 0
Oracle Mysql 5.6.35
Oracle Mysql 5.6.34
Oracle Mysql 5.6.33
Oracle Mysql 5.6.32
Oracle Mysql 5.6.31
Oracle Mysql 5.6.30
Oracle Mysql 5.6.28
Oracle Mysql 5.6.27
Oracle Mysql 5.6.26
Oracle Mysql 5.6.25
Oracle Mysql 5.6.24
Oracle Mysql 5.6.23
Oracle Mysql 5.6.22
Oracle Mysql 5.6.21
Oracle Mysql 5.6.17
Oracle Mysql 5.6.12
Oracle Mysql 5.6.11
Oracle Mysql 5.6.10
Oracle Mysql 5.6.9
Oracle Mysql 5.6.6
Oracle Mysql 5.6.5
Oracle Mysql 5.6
Oracle Mysql 5.5.54
Oracle Mysql 5.5.53
Oracle Mysql 5.5.52
Oracle Mysql 5.5.51
Oracle Mysql 5.5.50
Oracle Mysql 5.5.49
Oracle Mysql 5.5.46
Oracle Mysql 5.5.45
Oracle Mysql 5.5.44
Oracle Mysql 5.5.43
Oracle Mysql 5.5.42
Oracle Mysql 5.5.41
Oracle Mysql 5.5.40
Oracle Mysql 5.5.39
Oracle Mysql 5.5.38
Oracle Mysql 5.5.37
Oracle Mysql 5.5.36
Oracle Mysql 5.5.35
Oracle Mysql 5.5.32
Oracle Mysql 5.5.31
Oracle Mysql 5.5.28
Oracle Mysql 5.5.27
Oracle Mysql 5.5.25
Oracle Mysql 5.5.24
Oracle Mysql 5.5.23
Oracle Mysql 5.5.22
Oracle Mysql 5.5.21
Oracle Mysql 5.5.20
Oracle Mysql 5.5.19
Oracle Mysql 5.5.18
Oracle Mysql 5.5.17
Oracle Mysql 5.5.16
Oracle Mysql 5.5.15
Oracle Mysql 5.5.14
Oracle Mysql 5.5.13
Oracle Mysql 5.5.12
Oracle Mysql 5.5.11
Oracle Mysql 5.5.10
Oracle Mysql 5.6.8
Oracle Mysql 5.6.7
Oracle Mysql 5.6.4
Oracle Mysql 5.6.29
Oracle Mysql 5.6.20
Oracle Mysql 5.6.2
Oracle Mysql 5.6.19
Oracle Mysql 5.6.18
Oracle Mysql 5.6.16
Oracle Mysql 5.6.15
Oracle Mysql 5.6.14
Oracle Mysql 5.6.13
Oracle Mysql 5.5.48
Oracle Mysql 5.5.47
Oracle Mysql 5.5.34
Oracle Mysql 5.5.33
Oracle Mysql 5.5.30
Oracle Mysql 5.5.29
Oracle Mysql 5.5.26
Mysql Mysql 5.6.30
Mysql Mysql 5.5.49

Not Vulnerable:

References:

• MySQL Home Page (MySQL)
  
• The Riddle (Riddle)
  
• Bug 1431690 - (CVE-2017-3305) CVE-2017-3305 mysql: incorrect enforcement of ssl- (Red Hat)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  

Source: www.securityfocus.com