CVE-2017-3312

LOW

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).

References

http://www.debian.org/security/2017/dsa-3767

http://www.debian.org/security/2017/dsa-3770

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

http://www.securityfocus.com/bid/95491

http://www.securitytracker.com/id/1037640

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

https://security.gentoo.org/glsa/201702-17

https://security.gentoo.org/glsa/201702-18

Details

Source: MITRE

Published: 2017-01-27

Updated: 2018-03-23

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 1.5

Severity: LOW

CVSS v3.0

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.8

Severity: MEDIUM

Tenable Plugins

View all (29 total)

ID	Name	Product	Family	Severity
103008	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)	Nessus	Huawei Local Security Checks	medium
103007	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)	Nessus	Huawei Local Security Checks	medium
102755	CentOS 7 : mariadb (CESA-2017:2192)	Nessus	CentOS Local Security Checks	medium
102648	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
102299	Oracle Linux 7 : mariadb (ELSA-2017-2192)	Nessus	Oracle Linux Local Security Checks	medium
102152	RHEL 7 : mariadb (RHSA-2017:2192)	Nessus	Red Hat Local Security Checks	medium
97569	openSUSE Security Update : mysql-community-server (openSUSE-2017-315)	Nessus	SuSE Local Security Checks	medium
97278	openSUSE Security Update : mysql-community-server (openSUSE-2017-258)	Nessus	SuSE Local Security Checks	medium
97277	openSUSE Security Update : mariadb (openSUSE-2017-257)	Nessus	SuSE Local Security Checks	medium
97261	GLSA-201702-18 : MariaDB: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97260	GLSA-201702-17 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97064	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)	Nessus	SuSE Local Security Checks	medium
97063	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)	Nessus	SuSE Local Security Checks	medium
97046	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:0408-1)	Nessus	SuSE Local Security Checks	medium
9915	MariaDB Server 10.1.x < 10.1.21 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9912	MariaDB Server 10.0.x < 10.0.29 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
9911	MariaDB Server 5.5.x < 5.5.54 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
96732	Debian DLA-797-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
96669	Debian DSA-3770-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
96656	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3174-1)	Nessus	Ubuntu Local Security Checks	medium
96638	Debian DSA-3767-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
96618	FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
96612	Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-018-01)	Nessus	Slackware Local Security Checks	medium
95881	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95880	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95879	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95878	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95877	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95876	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high