Multiple vulnerabilities in MySQL Enterprise Backup

Published: 2024-04-17

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-0853 CVE-2023-6129
CWE-ID	CWE-299 CWE-371
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	MySQL Enterprise Backup Client/Desktop applications / Software for system administration
Vendor	Oracle

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper check for certificate revocation

EUVDB-ID: #VU85927

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0853

CWE-ID: CWE-299 - Improper Check for Certificate Revocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass OCSP verification.

The vulnerability exists due to curl inadvertently keeps the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test has failed. A subsequent transfer to the same hostname will be successful if the session ID cache is still fresh, which leads to skipping the verify status check. As a result, OCSP verification is always successful for all subsequent TLS sessions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MySQL Enterprise Backup: 8.0.0 - 8.3.0

External links

http://www.oracle.com/security-alerts/cpuapr2024.html?505646

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) State Issues

EUVDB-ID: #VU85170

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6129

CWE-ID: CWE-371 - State Issues