Red Hat Bugzilla – Bug 1467606
CVE-2017-10789 perl-DBD-MySQL: Possible MITM attack when mysql_ssl=1
Last modified: 2017-08-31 04:39:14 EDT
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
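Because mysql_ssl=1 does not guarantee encryption in the affected versions, a client can confirm after connecting that TLS was actually negotiated. The following is an added example, not code from this bug report or from DBD::mysql; the helper name, the stub handle class, the sample cipher string, and the DSN, host and credentials in the comments are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the negotiated TLS cipher for this session, or die if the session
# is cleartext. $dbh is any handle that offers DBI's selectrow_array().
# (Hypothetical helper name, not part of DBI or DBD::mysql.)
sub require_encrypted_session {
    my ($dbh) = @_;
    # MySQL reports the session cipher in the Ssl_cipher status variable;
    # the value is empty when the connection is not using TLS.
    my (undef, $cipher) =
        $dbh->selectrow_array(q{SHOW SESSION STATUS LIKE 'Ssl_cipher'});
    die "connection is not encrypted (Ssl_cipher is empty)\n"
        unless defined $cipher && length $cipher;
    return $cipher;
}

# Constructed stand-in for a DBI handle so the check can be exercised offline.
package StubHandle {
    sub new { my ($class, $cipher) = @_; return bless { cipher => $cipher }, $class }
    sub selectrow_array { my ($self) = @_; return ('Ssl_cipher', $self->{cipher}) }
}

package main;

# Constructed cases: one session with a cipher, one silently downgraded.
for my $case (['TLS negotiated',          'ECDHE-RSA-AES256-GCM-SHA384'],
              ['downgraded to cleartext', '']) {
    my ($label, $cipher) = @$case;
    my $result = eval { require_encrypted_session(StubHandle->new($cipher)) };
    my $err = $@;
    chomp $err;
    printf "%-24s => %s\n", $label,
        defined $result ? "ok ($result)" : "refused: $err";
}

# Real use (assumed DSN, host and credentials):
# use DBI;
# my $dbh = DBI->connect(
#     'DBI:mysql:database=app;host=db.example.com;mysql_ssl=1',
#     $user, $pass, { RaiseError => 1 });
# require_encrypted_session($dbh);   # call before sending any sensitive query
```

The check runs after authentication has completed, so it catches a downgraded session before queries are sent but does not protect the connection handshake itself.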
Created perl-DBD-MySQL tracking bugs for this issue:
Affects: fedora-all [bug 1467608]
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.