DSA-3834

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

97763

1038287

The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review       the referenced CVE identifiers for details.
  Impact :

    A remote attacker could execute arbitrary code without authentication or       cause a partial denial of service condition.
  Workaround :

    There are no known workarounds at this time.

This update for mysql-community-server to version 5.6.36 fixes the following issues :

These security issues were fixed :

  - CVE-2016-5483: Mysqldump failed to properly quote     certain identifiers in SQL statements written to the     dump output, allowing for execution of arbitrary     commands (bsc#1029014)

  - CVE-2017-3305: MySQL client sent authentication request     unencrypted even if SSL was required (aka Ridddle)     (bsc#1029396).

  - CVE-2017-3308: Unspecified vulnerability in Server: DML     (boo#1034850)

  - CVE-2017-3309: Unspecified vulnerability in Server:
    Optimizer (boo#1034850)

  - CVE-2017-3329: Unspecified vulnerability in Server:
    Thread (boo#1034850)

  - CVE-2017-3453: Unspecified vulnerability in Server:
    Optimizer (boo#1034850)

  - CVE-2017-3456: Unspecified vulnerability in Server: DML     (boo#1034850)

  - CVE-2017-3461: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3462: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3463: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3464: Unspecified vulnerability in Server: DDL     (boo#1034850)

  - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).

  - CVE-2017-3450: Unspecified vulnerability Server:
    Memcached

  - CVE-2017-3452: Unspecified vulnerability Server:
    Optimizer

  - CVE-2017-3599: Unspecified vulnerability Server:
    Pluggable Auth

  - CVE-2017-3600: Unspecified vulnerability in Client:
    mysqldump (boo#1034850)

  - '--ssl-mode=REQUIRED' can be specified to require a     secure connection (it fails if a secure connection     cannot be obtained)

These non-security issues were fixed :

  - Set the default umask to 077 in mysql-systemd-helper     (boo#1020976)

  - Change permissions of the configuration dir/files to     755/644. Please note that storing the password in the     /etc/my.cnf file is not safe. Use for example an option     file that is accessible only by yourself (boo#889126)

For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html

This update for mysql to version 5.5.55 fixes the following issues:
These security issues were fixed :

  - CVE-2017-3308: Unspecified vulnerability in Server: DML     (bsc#1034850)

  - CVE-2017-3309: Unspecified vulnerability in Server:
    Optimizer (bsc#1034850)

  - CVE-2017-3329: Unspecified vulnerability in Server:
    Thread (bsc#1034850)

  - CVE-2017-3600: Unspecified vulnerability in Client:
    mysqldump (bsc#1034850)

  - CVE-2017-3453: Unspecified vulnerability in Server:
    Optimizer (bsc#1034850)

  - CVE-2017-3456: Unspecified vulnerability in Server: DML     (bsc#1034850)

  - CVE-2017-3463: Unspecified vulnerability in Server:
    Security (bsc#1034850)

  - CVE-2017-3462: Unspecified vulnerability in Server:
    Security (bsc#1034850)

  - CVE-2017-3461: Unspecified vulnerability in Server:
    Security (bsc#1034850)

  - CVE-2017-3464: Unspecified vulnerability in Server: DDL     (bsc#1034850)

  - CVE-2017-3305: MySQL client sent authentication request     unencrypted even if SSL was required (aka Ridddle)     (bsc#1029396).

  - CVE-2016-5483: Mysqldump failed to properly quote     certain identifiers in SQL statements written to the     dump output, allowing for execution of arbitrary     commands (bsc#1029014)

  - '--ssl-mode=REQUIRED' can be specified to require a     secure connection (it fails if a secure connection     cannot be obtained)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618 .html.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :

  -     https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5
    -55.html
  -     http://www.oracle.com/technetwork/security-advisory/cpua     pr2017-3236618.html

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.55, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details :

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618 .html

For Debian 7 'Wheezy', these problems have been fixed in version 5.5.55-0+deb7u1.

We recommend that you upgrade your mysql-5.5 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.18 and is affected by multiple issues :

 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3308)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3309)
 - An unspecified flaw exists related to the Thread Pooling subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3329)
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3331, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458)
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3450)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3452, CVE-2017-3453, CVE-2017-3459)
 - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated attacker to have an impact on integrity and availability. No further details have been provided by the vendor. (CVE-2017-3454)
 - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3455, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3465)
 - An unspecified flaw exists related to the Audit Plug-in subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3460)
 - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3464)
 - An unspecified flaw exists related to the C API subcomponent. This may allow a remote attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2017-3467)
 - An unspecified flaw exists related to the Security: Encryption subcomponent. This may allow an authenticated attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3468)
 - An unspecified flaw exists related to the Pluggable Auth subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3599)
 - An unspecified flaw exists related to the Client mysqldump subcomponent. This may allow an authenticated attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2017-3600)

The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.36 and is affected by multiple issues :

 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3308)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)
 - An unspecified flaw exists related to the Thread Pooling subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3329)
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3450)
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3456)
 - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)
 - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to have an unspecified impact on integrity. No further details have been provided by the vendor. (CVE-2017-3464)
 - An unspecified flaw exists related to the Pluggable Auth subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3599)
 - An unspecified flaw exists related to the Client mysqldump subcomponent. This may allow an authenticated attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2017-3600)

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.55 and is affected by multiple issues :

 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3308, CVE-2017-3456)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)
 - An unspecified flaw exists related to the Thread Pooling subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3329)
 - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)
 - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3464)
 - An unspecified flaw exists related to the Client mysqldump subcomponent. This may allow an authenticated attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2017-3600)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. Note that CVE-2017-3331     only affects versions 5.7.11 to 5.7.17. (CVE-2017-3308,     CVE-2017-3331, CVE-2017-3456, CVE-2017-3457,     CVE-2017-3458)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to insert     and delete data contained in the database or cause a     denial of service condition. (CVE-2017-3454)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to insert or delete data contained in the     database or disclose sensitive information.
    (CVE-2017-3455)

  - An unspecified flaw exists in the Audit Plug-in     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3460)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3465)

  - An unspecified flaw exists in the C API subcomponent     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-3467)

  - An unspecified flaw exists in the 'Security: Encryption'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3468)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists in the     mysql_prune_stmt_list() function in client.c that allows     an authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3302)

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - An authentication information disclosure vulnerability,     known as Riddle, exists due to authentication being     performed prior to security parameter verification. A     man-in-the-middle (MitM) attacker can exploit this     vulnerability to disclose sensitive authentication     information, which the attacker can later use for     authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.5.x prior to 5.5.55. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists in the     mysql_prune_stmt_list() function in client.c that allows     an authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3302)

  - An authentication information disclosure vulnerability,     known as Riddle, exists due to authentication being     performed prior to security parameter verification. A     man-in-the-middle (MitM) attacker can exploit this     vulnerability to disclose sensitive authentication     information, which the attacker can later use for     authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3329)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3331, CVE-2017-3456, CVE-2017-3457,     CVE-2017-3458)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to insert     and delete data contained in the database or cause a     denial of service condition. (CVE-2017-3454)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to insert or delete data contained in the     database or disclose sensitive information.
    (CVE-2017-3455)

  - An unspecified flaw exists in the Audit Plug-in     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3460)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3465)

  - An unspecified flaw exists in the C API subcomponent     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-3467)

  - An unspecified flaw exists in the 'Security: Encryption'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3468)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - An authentication information disclosure vulnerability,     known as Riddle, exists due to authentication being     performed prior to security parameter verification. A     man-in-the-middle (MitM) attacker can exploit this     vulnerability to disclose sensitive authentication     information, which the attacker can later use for     authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Oracle reports :

This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

ID	Name	Product	Family	Severity
106885	GLSA-201802-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100039	openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle)	Nessus	SuSE Local Security Checks	high
99760	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)	Nessus	SuSE Local Security Checks	medium
99723	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle)	Nessus	Ubuntu Local Security Checks	high
99675	Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)	Nessus	Debian Local Security Checks	medium
99673	Debian DLA-916-1 : mysql-5.5 security update (Riddle)	Nessus	Debian Local Security Checks	medium
700064	Oracle MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700063	Oracle MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700062	Oracle MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
99516	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99515	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99514	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99513	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99512	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99510	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99497	FreeBSD : MySQL -- multiple vulnerabilities (d9e01c35-2531-11e7-b291-b499baebfeaf) (Riddle)	Nessus	FreeBSD Local Security Checks	high

CVE-2017-3329

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins