| Question: |
The researcher Rohr Pali (Pali Rohár) has found that the developers of MySQL failed until the end to fix an old vulnerability, known as a Backronym. As a result, a new problem has arisen CVE-2017-3305, which the technician called \"Sieve\" (Riddle).Rohr, writes that the bug is a danger to the MySQL 5.5 and 5.6, although the fix was introduced in version 5.5.49 and 5.6.30, it failed to solve the problem at the end. However a version older than 5.7, as well as MariaDB, a problem does not occur.Let me remind you that the problem Backronym was that MySQL leave the password visible to the attacker, allowing attackers to intercept credentials even if the connection is secure and uses SSL. To do this, the hackers had to do was to have implemented a man-in-the-middle attack.\"Security update MySQL 5.5.49 and 5.6.30 added an additional verification of the security configuration after the completion of the authentication process. Since it is after authenticating, the attacker can use the attack riddle man-in-the-middle and SSL downgrade to steal account data and to immediately use them to authenticate to the MySQL server writes Rohr. — The funny thing is that MySQL client will not report any errors related to SSL, when the server refuses to authenticate the user, instead, you see the message server error encryption. Worse, when the attack riddle in the middle is active, even the error message is under the control of criminals\".The researcher calls on everyone to urgently upgrade to MySQL 5.7, or to switch to MariaDB, where the problem was completely resolved. According to Rohera, report the bug to the developers Oracle is useless if you are not their client. \"They just ignore any messages, and would be very happy if no one found out about it, and they wouldn`t have to fix bugs\" — says the expert. |
| Answer: |
Hello. the Question referred to the administrator, wait for amp. |
| Answer: |
Hello. mysql versions are the latest in a series. obnovlenii to 5.7 is not possible even in theory because many functions are not backward compatible and the sites on the server will no longer work, also the panel does not support mysql 5.7 . the server also has mysql 5.5 latest safe edition |
| Question: |
Thank you!but you can at least upgrade to 5.6?client paranoidly superficial knowledge |
| Answer: |
Update no, to move to the server version 5.6 - Yes. |
| Question: |
it`s great , an option to do this?need some sort of application?thank you! |
| Answer: |
this server is not in Russia, would you accept that? |
| Question: |
AA no thanks |
| Answer: |
OK |
|
