CVE-2017-3313

LOW

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).

References

http://www.debian.org/security/2017/dsa-3767

http://www.debian.org/security/2017/dsa-3809

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

http://www.securityfocus.com/bid/95527

http://www.securitytracker.com/id/1037640

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

https://security.gentoo.org/glsa/201702-17

Details

Source: MITRE

Published: 2017-01-27

Updated: 2018-03-23

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 1.5

Vector: (AV:L/AC:M/Au:S/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 2.7

Severity: LOW

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Tenable Plugins

View all (34 total)

ID	Name	Product	Family	Severity
105077	MariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities	Nessus	Databases	medium
103008	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)	Nessus	Huawei Local Security Checks	medium
103007	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)	Nessus	Huawei Local Security Checks	medium
102755	CentOS 7 : mariadb (CESA-2017:2192)	Nessus	CentOS Local Security Checks	medium
102648	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
102299	Oracle Linux 7 : mariadb (ELSA-2017-2192)	Nessus	Oracle Linux Local Security Checks	medium
102152	RHEL 7 : mariadb (RHSA-2017:2192)	Nessus	Red Hat Local Security Checks	medium
101568	Fedora 26 : 3:mariadb (2017-09dd8907da)	Nessus	Fedora Local Security Checks	medium
100972	Fedora 24 : 3:mariadb (2017-8425f676f2)	Nessus	Fedora Local Security Checks	medium
100857	Fedora 25 : 3:mariadb (2017-2c0609b92a)	Nessus	Fedora Local Security Checks	medium
100611	openSUSE Security Update : mariadb (openSUSE-2017-644)	Nessus	SuSE Local Security Checks	medium
100245	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:1315-1)	Nessus	SuSE Local Security Checks	medium
100242	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:1311-1)	Nessus	SuSE Local Security Checks	medium
99670	MariaDB 5.5.x < 5.5.55 / 10.0.x < 10.0.30 / 10.1.x < 10.1.22 / 10.2.x < 10.2.5 Multiple Vulnerabilities	Nessus	Databases	high
99034	Slackware 14.2 / current : mariadb (SSA:2017-087-01)	Nessus	Slackware Local Security Checks	medium
97757	Debian DSA-3809-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
97569	openSUSE Security Update : mysql-community-server (openSUSE-2017-315)	Nessus	SuSE Local Security Checks	medium
97278	openSUSE Security Update : mysql-community-server (openSUSE-2017-258)	Nessus	SuSE Local Security Checks	medium
97260	GLSA-201702-17 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
97046	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:0408-1)	Nessus	SuSE Local Security Checks	medium
96808	Amazon Linux AMI : mysql56 (ALAS-2017-790)	Nessus	Amazon Linux Local Security Checks	medium
96807	Amazon Linux AMI : mysql55 (ALAS-2017-789)	Nessus	Amazon Linux Local Security Checks	medium
96732	Debian DLA-797-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
96656	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3174-1)	Nessus	Ubuntu Local Security Checks	medium
96638	Debian DSA-3767-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
96618	FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
9845	Oracle MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
9844	Oracle MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
95881	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95880	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)	Nessus	Databases	high
95879	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95878	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95877	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high
95876	MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities (January 2017 CPU)	Nessus	Databases	high