Date: Fri, 17 Mar 2017 11:54:35 +0100
From: Pali Rohár <>
Subject: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)


There is a new vulnerability in MySQL client versions 5.5 and 5.6 which 
is related to SSL/TLS encryption and to the older BACKRONYM vulnerability.

As is common, a new vulnerability should have a name, logo and website. 
So enjoy the *Riddle* at

Affected are only Oracle's MySQL clients in all versions 5.5 and 5.6 
when SSL/TLS encryption is used. Verification of encryption parameters 
and of the existence of the SSL/TLS layer by the MySQL client is done 
*after* the client successfully finishes authentication.

For more details, including mitigation, look at the Technical section on 
the vulnerability website:

Pali Rohár
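
The ordering requirement described in this message, as an added example that is not part of the original post or of MySQL's code: a client that requires TLS decides from the server greeting, before any credentials are sent, whether to abort or to start TLS. The greeting layout and the CLIENT_SSL bit (0x0800) follow the MySQL client/server protocol; the function names and the sample greetings are constructed for illustration.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit defined by the MySQL client/server protocol


def parse_greeting_capabilities(payload: bytes) -> int:
    """Return the 32-bit capability flags from a protocol-10 server greeting."""
    if not payload or payload[0] != 10:
        raise ValueError("not a protocol version 10 greeting")
    end = payload.index(b"\x00", 1)       # end of NUL-terminated server version
    pos = end + 1 + 4 + 8 + 1             # skip connection id, auth data part 1, filler
    if len(payload) < pos + 2:
        raise ValueError("truncated greeting")
    (lower,) = struct.unpack_from("<H", payload, pos)
    upper = 0
    if len(payload) >= pos + 7:           # charset(1) + status(2) + upper flags(2)
        (upper,) = struct.unpack_from("<H", payload, pos + 5)
    return lower | (upper << 16)


def pre_auth_decision(greeting: bytes, require_tls: bool) -> str:
    """Decide what the client may do next, before sending any credentials."""
    tls_offered = bool(parse_greeting_capabilities(greeting) & CLIENT_SSL)
    if tls_offered:
        return "start_tls"        # authenticate only inside the TLS session
    if require_tls:
        return "abort"            # never fall through to plaintext authentication
    return "plaintext_auth"


def build_greeting(caps: int) -> bytes:
    """Constructed sample greeting (not captured traffic)."""
    return (b"\x0a" + b"5.6.0-sample\x00" + struct.pack("<I", 1) + b"A" * 8
            + b"\x00" + struct.pack("<H", caps & 0xFFFF) + b"\x21"
            + struct.pack("<H", 2) + struct.pack("<H", caps >> 16)
            + b"\x15" + b"\x00" * 10 + b"B" * 12 + b"\x00")


if __name__ == "__main__":
    with_tls = build_greeting(0x00080A00)
    without_tls = build_greeting(0x00080200)
    print(pre_auth_decision(with_tls, require_tls=True))      # start_tls
    print(pre_auth_decision(without_tls, require_tls=True))   # abort
```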
