Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAN1difs9XYhuXST0JiOtxyy5DEqNo0pktDQPNR-8ft9NyXtHzA@mail.gmail.com>
Date: Wed, 29 Apr 2015 16:41:45 +0200
From: Michał Staruch <msta@...kciarz.pl>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-003] MySQL SSL/TLS downgrade

Even using "--ssl-verify-server-cert" won't help you much, as certificate
validation
performed by MySQL client is a joke, far from meeting RFC 5280 requirements.

I've performed some tests and given the details to Oracle in 2014 Q3 (MySQL
bug #74066, hidden from public) - but no progress, so far.


On Wed, Apr 29, 2015 at 4:00 PM, Andrea Barisani <lcars@...rt.org> wrote:

>
> #2015-003 MySQL SSL/TLS downgrade
>
> Description:
>
> The MySQL project is an open source relational database management system.
>
> A vulnerability has been reported concerning the impossibility for MySQL
> users
> (with any major stable version) to enforce an effective SSL/TLS connection
> that would be immune from man-in-the-middle (MITM) attacks performing a
> malicious downgrade.
>
> While the issue has been addressed in MySQL preview release 5.7.3 in
> December
> 2013, it is perceived that the majority of MySQL users are not aware of
> this
> limitation and that the issue should be treated as a vulnerability.
>
> The vulnerability lies within the behaviour of the '--ssl' client option,
> which on affected versions it is being treated as "advisory". Therefore
> while
> the option would attempt an SSL/TLS connection to be initiated towards a
> server, it would not actually require it. This allows a MITM attack to
> transparently "strip" the SSL/TLS protection.
>
> The issue affects the ssl client option whether used directly or triggered
> automatically by the use of other ssl options ('--ssl-xxx') that imply
> '--ssl'.
>
> Such behavior is clearly indicated in MySQL reference manual as follows:
>
>   For the server, this option specifies that the server permits but does
> not require
>   SSL connections.
>
>   For a client program, this option permits but does not require the
> client to
>   connect to the server using SSL. Therefore, this option is not
> sufficient in
>   itself to cause an SSL connection to be used. For example, if you
> specify this
>   option for a client program but the server has not been configured to
> permit
>   SSL connections, an unencrypted connection is used.
>
> In a similar manner to the new '--ssl' option behaviour, users of the MySQL
> client library (Connector/C, libmysqlclient), as of MySQL 5.7.3, can take
> advantage of the MYSQL_OPT_SSL_ENFORCE option to enforce SSL/TLS
> connections.
>
> The vulnerability also affects the MySQL forks MariaDB and Percona Server,
> as
> the relevant 5.7.3 patch has not been pulled, at the time of this
> advisory, in
> their respective stable versions.
>
> Affected version:
>
> MySQL <= 5.7.2
>
> MySQl Connector/C (libmysqlclient) < 6.1.3
>
> Percona Server, all versions
>
> MariaDB, all versions
>
> Fixed version:
>
> MySQL >= 5.7.3
>
> MySQl Connector/C (libmysqlclient) >= 6.1.3
>
> Percona Server, N/A
>
> MariaDB, N/A
>
> Credit: vulnerability report from Adam Goodman, Principal Security
> Architect
> at Duo Security.
>
> CVE: CVE-2015-3152 (MariaDB, Percona)
>
> Timeline:
>
> 2015-03-20: vulnerability report received
> 2015-03-23: contacted Oracle Security
> 2015-04-04: oCERT sets embargo date to April 29th
> 2015-04-20: reporter confirms MariaDB is affected
> 2015-04-22: contacted MariaDB and affected vendors, assigned CVEs
> 2015-04-23: contacted Percona
> 2015-04-29: advisory release
>
> References:
>
> https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
> http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option
> http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
> https://mariadb.atlassian.net/browse/MDEV-7937
> https://bugs.launchpad.net/percona-server/+bug/1447527
>
> Permalink:
> http://www.ocert.org/advisories/ocert-2015-003.html
>
> --
> Andrea Barisani |                Founder & Project Coordinator
>           oCERT | OSS Computer Security Incident Response Team
>
> <lcars@...rt.org>                         http://www.ocert.org
>  0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
>         "Pluralitas non est ponenda sine necessitate"
>



-- 

Pozdrawiam | Best Regards

Michał Staruch | Information Security Officer

ul. Sienkiewicza 9, 65-001 Zielona Góra

msta@...kciarz.pl

Find us on Bloomberg CKPL <GO>
 [image: Cinkciarz.pl Sp. z.o.o] <https://cinkciarz.pl>

*Cinkciarz.pl Sp. z o.o.*

*Siedziba:* ul. Sienkiewicza 9, 65-001 Zielona Góra

*Biuro PL:* Al. Jerozolimskie 123A, 00-965 Warszawa | *Biuro UK:* The
Broadgate Tower, 20 Primrose Street, London EC2A 2EW

*Sekretariat:* +48 726 666 655 | *Infolinia:* +48 68 410 99 50

biuro@...kciarz.pl | https://cinkciarz.pl

KRS 0000364722 | Kapitał zakładowy 23.263.500 zł

REGON 080465538 | NIP 9291830388

Audited by: Grant Thornton

[image: Oficjalny sponsor Reprezentacji Polski w piłce nożnej]

Treść tej wiadomości zawiera informacje poufne, przeznaczone tylko dla
adresata. Udostępnianie, ujawnianie, powielanie, rozpowszechnianie bądź
powoływanie się na jakikolwiek jej fragment przez inne osoby jest
zabronione. W razie przypadkowego otrzymania tej wiadomości prosimy o
powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Informacje zawarte w
tej wiadomości mogą być objęte tajemnicą zawodową lub chronione innymi
przepisami prawnymi. Nadawca nie bierze odpowiedzialności za jakiekolwiek
szkody spowodowane wirusem komputerowym przetransmitowanym w tej
wiadomości.  Poglądy i opinie przedstawione w tej wiadomości są wyłącznie
poglądami i opiniami jej autora i niekoniecznie reprezentują poglądy i
opinie firmy.

This is a confidential e-mail intended solely for the use of the entity or
the individual to whom it is addressed. Unauthorized publication, use,
dissemination or disclosure of this message, either in whole or in part is
strictly prohibited. If you have received this message in error please send
it back to the sender and delete it. It may also be privileged or otherwise
protected by work product immunity or other legal rules. The company
accepts no liability for any damage caused by any virus transmitted by this
e-mail. Any views or opinions presented in this e-mail are solely those of
the author and do not necessarily represent those of the company.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.