ID: CVE-2015-1027
Type: cve
Reporter: cve@mitre.org
Modified: 2017-10-10T11:56:00
Description
The version-checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and man-in-the-middle attacks. In these attacks the server response could be modified so that the attacker responds with a modified command payload and has the client return additional running configuration information, leading to disclosure of the running configuration of MySQL.
{"id": "CVE-2015-1027", "bulletinFamily": "NVD", "title": "CVE-2015-1027", "description": "The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.", "published": "2017-09-29T01:34:00", "modified": "2017-10-10T11:56:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1027", "reporter": "cve@mitre.org", "references": ["https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/", "https://bugs.launchpad.net/percona-toolkit/+bug/1408375"], "cvelist": ["CVE-2015-1027"], "type": "cve", "lastseen": "2020-12-09T20:03:00", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2015-217.NASL"]}], "modified": "2020-12-09T20:03:00", "rev": 2}, "score": {"value": 3.2, "vector": "NONE", "modified": "2020-12-09T20:03:00", "rev": 2}, "vulnersScore": 3.2}, "cpe": ["cpe:/a:percona:xtrabackup:2.2.8", "cpe:/a:percona:toolkit:2.2.12"], "affectedSoftware": [{"cpeName": "percona:xtrabackup", "name": "percona xtrabackup", "operator": "le", "version": "2.2.8"}, {"cpeName": "percona:toolkit", "name": "percona toolkit", "operator": "le", "version": "2.2.12"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": 
false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:percona:xtrabackup:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:percona:toolkit:2.2.12:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:percona:toolkit:2.2.12:*:*:*:*:*:*:*", "versionEndIncluding": "2.2.12", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:percona:xtrabackup:2.2.8:*:*:*:*:*:*:*", "versionEndIncluding": "2.2.8", "vulnerable": true}], "operator": "OR"}]}}
{"nessus": [{"lastseen": "2021-01-20T12:28:20", "description": "Percona Toolkit and XtraBackup were updated to fix bugs and security\nissues.\n\nPercona XtraBackup was vulnerable to MITM attack which could allow\nexfiltration of MySQL configuration information via the\n--version-check option. [boo#919298] CVE-2015-1027 lp#1408375.\n\nThe openSUSE package has the version check disabled by default.\n\nPercona Toolkit was updated to 2.2.13 :\n\n - Feature lp#1391240: pt-kill added query fingerprint hash\n to output\n\n - Fixed lp#1402668: pt-mysql-summary fails on cluster in\n Donor/Desynced status \n\n - Fixed lp#1396870: pt-online-schema-change CTRL+C leaves\n terminal in inconsistent state \n\n - Fixed lp#1396868: pt-online-schema-change --ask-pass\n option error\n\n - Fixed lp#1266869: pt-stalk fails to start if $HOME\n environment variable is not set \n\n - Fixed lp#1019479: pt-table-checksum does not work with\n sql_mode ONLY_FULL_GROUP_BY\n\n - Fixed lp#1394934: pt-table-checksum error in debug mode\n\n - Fixed lp#1321297: pt-table-checksum reports diffs on\n timestamp columns in 5.5 vs 5.6 \n\n - Fixed lp#1399789: pt-table-checksum fails to find pxc\n nodes when wsrep_node_incoming_address is set to AUTO\n\n - Fixed lp#1388870: pt-table-checksum has some errors with\n different time zones\n\n - Fixed lp#1408375: vulnerable to MITM attack which would\n allow exfiltration of MySQL configuration information\n via --version-check [boo#919298] [CVE-2015-1027]\n\n - Fixed lp#1404298: missing MySQL5.7 test files for\n pt-table-checksum\n\n - Fixed lp#1403900: added sandbox and fixed sakila test db\n for 5.7\n\nPercona XtraBackup was updated to version 2.2.9 :\n\n - xtrabackup_galera_info file isn't overwritten during the\n Galera auto-recovery. lp#1418584.\n\n - Percona XtraBackup now sets the maximum supported\n session value for lock_wait_timeout variable to prevent\n unnecessary timeouts when the global value is changed\n from the default. 
lp#1410339.\n\n - New option --backup-locks, enabled by default, has been\n implemented to control if backup locks will be used even\n if they are supported by the server. To disable backup\n locks innobackupex should be run with innobackupex\n --no-backup-locks option. lp#1418820.", "edition": 21, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-03-12T00:00:00", "title": "openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-2015-217)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1027"], "modified": "2015-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xtrabackup-test", "p-cpe:/a:novell:opensuse:xtrabackup-debuginfo", "p-cpe:/a:novell:opensuse:xtrabackup-debugsource", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:percona-toolkit", "p-cpe:/a:novell:opensuse:xtrabackup", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-217.NASL", "href": "https://www.tenable.com/plugins/nessus/81761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-217.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81761);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1027\");\n\n script_name(english:\"openSUSE Security Update : percona-toolkit / xtrabackup (openSUSE-2015-217)\");\n script_summary(english:\"Check for the openSUSE-2015-217 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Percona Toolkit and XtraBackup were updated to fix bugs and security\nissues.\n\nPercona XtraBackup was 
vulnerable to MITM attack which could allow\nexfiltration of MySQL configuration information via the\n--version-check option. [boo#919298] CVE-2015-1027 lp#1408375.\n\nThe openSUSE package has the version check disabled by default.\n\nPercona Toolkit was updated to 2.2.13 :\n\n - Feature lp#1391240: pt-kill added query fingerprint hash\n to output\n\n - Fixed lp#1402668: pt-mysql-summary fails on cluster in\n Donor/Desynced status \n\n - Fixed lp#1396870: pt-online-schema-change CTRL+C leaves\n terminal in inconsistent state \n\n - Fixed lp#1396868: pt-online-schema-change --ask-pass\n option error\n\n - Fixed lp#1266869: pt-stalk fails to start if $HOME\n environment variable is not set \n\n - Fixed lp#1019479: pt-table-checksum does not work with\n sql_mode ONLY_FULL_GROUP_BY\n\n - Fixed lp#1394934: pt-table-checksum error in debug mode\n\n - Fixed lp#1321297: pt-table-checksum reports diffs on\n timestamp columns in 5.5 vs 5.6 \n\n - Fixed lp#1399789: pt-table-checksum fails to find pxc\n nodes when wsrep_node_incoming_address is set to AUTO\n\n - Fixed lp#1388870: pt-table-checksum has some errors with\n different time zones\n\n - Fixed lp#1408375: vulnerable to MITM attack which would\n allow exfiltration of MySQL configuration information\n via --version-check [boo#919298] [CVE-2015-1027]\n\n - Fixed lp#1404298: missing MySQL5.7 test files for\n pt-table-checksum\n\n - Fixed lp#1403900: added sandbox and fixed sakila test db\n for 5.7\n\nPercona XtraBackup was updated to version 2.2.9 :\n\n - xtrabackup_galera_info file isn't overwritten during the\n Galera auto-recovery. lp#1418584.\n\n - Percona XtraBackup now sets the maximum supported\n session value for lock_wait_timeout variable to prevent\n unnecessary timeouts when the global value is changed\n from the default. lp#1410339.\n\n - New option --backup-locks, enabled by default, has been\n implemented to control if backup locks will be used even\n if they are supported by the server. 
To disable backup\n locks innobackupex should be run with innobackupex\n --no-backup-locks option. lp#1418820.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919298\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected percona-toolkit / xtrabackup packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:percona-toolkit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtrabackup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtrabackup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtrabackup-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtrabackup-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"percona-toolkit-2.2.13-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtrabackup-2.1.8-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtrabackup-debuginfo-2.1.8-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtrabackup-debugsource-2.1.8-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"percona-toolkit-2.2.13-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtrabackup-2.2.9-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtrabackup-debuginfo-2.2.9-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtrabackup-debugsource-2.2.9-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtrabackup-test-2.2.9-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"percona-toolkit / xtrabackup / xtrabackup-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}