Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.117194
Categoría:Databases
Título:Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Windows
Resumen:Oracle MySQL Server is prone to a vulnerability in a third party library.
Descripción:Summary:
Oracle MySQL Server is prone to a vulnerability in a third party library.

Vulnerability Insight:
wolfSSL (formerly CyaSSL) as used in MySQL does not properly handle
faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange
without low memory optimizations on a server.

Vulnerability Impact:
The flaw makes it easier for remote attackers to obtain private RSA
keys by capturing TLS handshakes, aka a Lenstra attack.

Affected Software/OS:
Oracle MySQL Server versions 5.5.45 and prior and 5.6 through 5.6.26.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7744
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
http://www.securitytracker.com/id/1034708
SuSE Security Announcement: openSUSE-SU-2016:0367 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0377 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.