oss-sec mailing list archives
Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)
From: Solar Designer <solar () openwall com>
Date: Fri, 17 Mar 2017 15:54:40 +0100
On Fri, Mar 17, 2017 at 11:54:35AM +0100, Pali Roh??r wrote:
There is a new vulnerability in MySQL client versions 5.5 and 5.6 which is related to SSL/TLS encryption and to older BACKRONYM vulnerability. As it is common, new vulnerability should have a name, logo and website. So enjoy the *Riddle* at http://riddle.link/ Affected are only Oracle's MySQL clients in all versions 5.5 and 5.6 when SSL/TLS encryption is used. Verification of encryption parameters and existence of SSL/TLS layer by MySQL client is done *after* client successfully finish authentication. For more details including mitigation, look at Technical section on vulnerability website: http://riddle.link/
That's very nice, but per oss-security list content guidelines technical detail should also be included in postings. Attached as text/plain, for archival. http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines Alexander
Attachment:
riddle.txt
Description:
Current thread:
- CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár (Mar 17)
- Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Solar Designer (Mar 17)