php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #69669 mysqlnd is vulnerable to BACKRONYM (CVE-2015-3152)
Submitted: 2015-05-20 07:56 UTC Modified: 2015-07-10 14:17 UTC
From: andrey@php.net Assigned: mysql (profile)
Status: Closed Package: mysql (PECL)
PHP Version: master-Git-2015-05-20 (Git) OS: All
Private report: No CVE-ID: 2015-3152
 [2015-05-20 07:56 UTC] andrey@php.net
Description:
------------
mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability

mysqlnd allows downgrade to non-SSL connection even if SSL was requested.

Expected result:
----------------
Fail to connect if SSL is requested but not provided as capability by the server.

Actual result:
--------------
mysqlnd allows downgrade to non-SSL connection even if SSL was requested.

Patches

backronym-5.4 (last revision 2015-07-05 07:07 UTC) by stas@php.net)
backronym (last revision 2015-06-17 11:40 UTC) by andrey@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-20 07:56 UTC] andrey@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql
 [2015-05-21 13:00 UTC] cmb@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2015-06-17 11:40 UTC] andrey@php.net
The following patch has been added/updated:

Patch Name: backronym
Revision:   1434541237
URL:        https://bugs.php.net/patch-display.php?bug=69669&patch=backronym&revision=1434541237
 [2015-07-05 07:07 UTC] stas@php.net
The following patch has been added/updated:

Patch Name: backronym-5.4
Revision:   1436080071
URL:        https://bugs.php.net/patch-display.php?bug=69669&patch=backronym-5.4&revision=1436080071
 [2015-07-05 07:08 UTC] stas@php.net
Added 5.4 version, please check that nothing wrong is there.
 [2015-07-07 16:38 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 16:38 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2015-07-07 17:10 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:10 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0d2f147d80bd02d4d1ccaa0fa530d9d4846b3c75
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:13 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:13 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0d2f147d80bd02d4d1ccaa0fa530d9d4846b3c75
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:45 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d8aa5675ad2ead0469c15fad167ecbdd60051716
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:45 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 17:45 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0d2f147d80bd02d4d1ccaa0fa530d9d4846b3c75
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 23:36 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d8aa5675ad2ead0469c15fad167ecbdd60051716
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 23:36 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-07 23:36 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0d2f147d80bd02d4d1ccaa0fa530d9d4846b3c75
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-08 14:56 UTC] jpauli@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-08 14:56 UTC] jpauli@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0d2f147d80bd02d4d1ccaa0fa530d9d4846b3c75
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 [2015-07-10 14:17 UTC] kaplan@php.net
-CVE-ID: +CVE-ID: 2015-3152
 [2016-07-20 11:37 UTC] davey@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d8aa5675ad2ead0469c15fad167ecbdd60051716
Log: Fix bug #69669 (mysqlnd is vulnerable to BACKRONYM)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC