Date: Fri, 17 Mar 2017 11:54:35 +0100
From: Pali Rohár <pali.rohar@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)

Hi!

There is a new vulnerability in MySQL client versions 5.5 and 5.6 which is related to SSL/TLS encryption and to the older BACKRONYM vulnerability.

As is common, a new vulnerability should have a name, logo and website. So enjoy the *Riddle* at http://riddle.link/

Affected are only Oracle's MySQL clients in all versions 5.5 and 5.6 when SSL/TLS encryption is used.

Verification of encryption parameters and existence of the SSL/TLS layer by the MySQL client is done *after* the client successfully finishes authentication.

For more details including mitigation, look at the Technical section on the vulnerability website: http://riddle.link/

--
Pali Rohár
pali.rohar@...il.com

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)