CVE-2017-3258

MEDIUM

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

References

http://www.debian.org/security/2017/dsa-3767

http://www.debian.org/security/2017/dsa-3770

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

http://www.securityfocus.com/bid/95560

http://www.securitytracker.com/id/1037640

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

https://security.gentoo.org/glsa/201702-17

https://security.gentoo.org/glsa/201702-18

Details

Source: MITRE

Published: 2017-01-27

Updated: 2018-03-23

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4

Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (31 total)

ID	Name	Product	Family	Severity
103008	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)	Nessus	Huawei Local Security Checks	medium
103007	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)	Nessus	Huawei Local Security Checks	medium
102755	CentOS 7 : mariadb (CESA-2017:2192)	Nessus	CentOS Local Security Checks	medium
102648	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
102299	Oracle Linux 7 : mariadb (ELSA-2017-2192)	Nessus	Oracle Linux Local Security Checks	medium
102152	RHEL 7 : mariadb (RHSA-2017:2192)	Nessus	Red Hat Local Security Checks	medium
97569	openSUSE Security Update : mysql-community-server (openSUSE-2017-315)	Nessus	SuSE Local Security Checks	medium
97278	openSUSE Security Update : mysql-community-server (openSUSE-2017-258)	Nessus	SuSE Local Security Checks	medium
97277	openSUSE Security Update : mariadb (openSUSE-2017-257)	Nessus	SuSE Local Security Checks	medium
97261	GLSA-201702-18 : MariaDB: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97260	GLSA-201702-17 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97064	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)	Nessus	SuSE Local Security Checks	medium
97063	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)	Nessus	SuSE Local Security Checks	medium
97046	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:0408-1)	Nessus	SuSE Local Security Checks	medium
96808	Amazon Linux AMI : mysql56 (ALAS-2017-790)	Nessus	Amazon Linux Local Security Checks	medium
96807	Amazon Linux AMI : mysql55 (ALAS-2017-789)	Nessus	Amazon Linux Local Security Checks	medium
9915	MariaDB Server 10.1.x < 10.1.21 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9912	MariaDB Server 10.0.x < 10.0.29 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9911	MariaDB Server 5.5.x < 5.5.54 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
96732	Debian DLA-797-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
96669	Debian DSA-3770-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
96656	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3174-1)	Nessus	Ubuntu Local Security Checks	medium
96638	Debian DSA-3767-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
96618	FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
96612	Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-018-01)	Nessus	Slackware Local Security Checks	medium
95881	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95880	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95879	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95878	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95877	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95876	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high