Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Mar 2017 15:54:40 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)

On Fri, Mar 17, 2017 at 11:54:35AM +0100, Pali Roh??r wrote:
> There is a new vulnerability in MySQL client versions 5.5 and 5.6 which 
> is related to SSL/TLS encryption and to older BACKRONYM vulnerability.
> 
> As it is common, new vulnerability should have a name, logo and website. 
> So enjoy the *Riddle* at http://riddle.link/
> 
> Affected are only Oracle's MySQL clients in all versions 5.5 and 5.6 
> when SSL/TLS encryption is used. Verification of encryption parameters 
> and existence of SSL/TLS layer by MySQL client is done *after* client 
> successfully finish authentication.
> 
> For more details including mitigation, look at Technical section on 
> vulnerability website: http://riddle.link/

That's very nice, but per oss-security list content guidelines technical
detail should also be included in postings.  Attached as text/plain, for
archival.

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

Alexander

View attachment "riddle.txt" of type "text/plain" (13283 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ