Message-Id: <201703171154.35368@pali>
Date: Fri, 17 Mar 2017 11:54:35 +0100
From: Pali Rohár <pali.rohar@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)
Hi!

There is a new vulnerability in MySQL client versions 5.5 and 5.6 which
is related to SSL/TLS encryption and to the older BACKRONYM vulnerability.

As is common, a new vulnerability should have a name, logo and website.
So enjoy the *Riddle* at http://riddle.link/

Affected are only Oracle's MySQL clients in all versions 5.5 and 5.6
when SSL/TLS encryption is used. Verification of encryption parameters
and existence of the SSL/TLS layer by the MySQL client is done *after* the
client successfully finishes authentication.

For more details including mitigation, look at the Technical section on
the vulnerability website: http://riddle.link/
--
Pali Rohár
pali.rohar@...il.com
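
The ordering problem described in the message above, shown as an added example (not part of the original post and not MySQL's own code): a client that requires TLS should decide from the server's greeting, before any authentication data leaves the machine. The sketch parses the MySQL HandshakeV10 greeting and checks the `CLIENT_SSL` capability bit; `plan_login`, `build_greeting` and the sample packets are hypothetical and constructed for illustration.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: server offers to switch to TLS

class TLSRequiredError(Exception):
    """Raised before any credential is sent."""

def parse_greeting(packet: bytes) -> dict:
    """Parse a MySQL HandshakeV10 greeting (4-byte header + payload)."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length or not payload or payload[0] != 10:
        raise ValueError("not a HandshakeV10 greeting")
    end = payload.index(b"\x00", 1)       # server version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1 + 4 + 8 + 1             # thread id, scramble part 1, filler
    (caps_low,) = struct.unpack_from("<H", payload, pos)
    pos += 2 + 1 + 2                      # caps_low, charset, status flags
    (caps_high,) = struct.unpack_from("<H", payload, pos)
    return {"version": version, "capabilities": caps_low | (caps_high << 16)}

def plan_login(greeting: bytes, require_tls: bool) -> list:
    """Return the ordered client steps; refuse *before* authentication."""
    info = parse_greeting(greeting)
    offers_tls = bool(info["capabilities"] & CLIENT_SSL)
    if require_tls and not offers_tls:
        raise TLSRequiredError("server does not offer TLS; no credentials sent")
    # The TLS handshake must also complete before auth_response is sent.
    steps = ["ssl_request", "tls_handshake"] if require_tls else []
    return steps + ["auth_response"]

def build_greeting(version: str, caps: int) -> bytes:
    """Constructed sample greeting for the demo (not a captured packet)."""
    payload = (b"\x0a" + version.encode() + b"\x00" + struct.pack("<I", 1)
               + b"A" * 8 + b"\x00" + struct.pack("<H", caps & 0xFFFF)
               + b"\x21" + struct.pack("<H", 2) + struct.pack("<H", caps >> 16)
               + b"\x15" + b"\x00" * 10 + b"B" * 12 + b"\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    print(plan_login(build_greeting("5.6.35", 0xFFFF), True))
    try:
        plan_login(build_greeting("5.6.35", 0xFFFF & ~CLIENT_SSL), True)
    except TLSRequiredError as exc:
        print("refused:", exc)
```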