Databases : Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.117193

Kategorie: Databases

Titel: Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Linux

Zusammenfassung: Oracle MySQL Server is prone to a vulnerability in a third party library.

Beschreibung: Summary:
Oracle MySQL Server is prone to a vulnerability in a third party library.

Vulnerability Insight:
wolfSSL (formerly CyaSSL) as used in MySQL does not properly handle
faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange
without low memory optimizations on a server.

Vulnerability Impact:
The flaw makes it easier for remote attackers to obtain private RSA
keys by capturing TLS handshakes, aka a Lenstra attack.

Affected Software/OS:
Oracle MySQL Server versions 5.5.45 and prior and 5.6 through 5.6.26.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-7744
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
http://www.securitytracker.com/id/1034708
SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.117193
Kategorie:	Databases
Titel:	Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Linux
Zusammenfassung:	Oracle MySQL Server is prone to a vulnerability in a third party library.
Beschreibung:	Summary: Oracle MySQL Server is prone to a vulnerability in a third party library. Vulnerability Insight: wolfSSL (formerly CyaSSL) as used in MySQL does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server. Vulnerability Impact: The flaw makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. Affected Software/OS: Oracle MySQL Server versions 5.5.45 and prior and 5.6 through 5.6.26. Solution: Updates are available. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7744 https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ http://www.securitytracker.com/id/1034708 SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH