http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

97754

1038287

RHSA-2017:2787

RHSA-2017:2886

41954

https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/

The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MySQL. Please review       the referenced CVE identifiers for details.
  Impact :

    A remote attacker could execute arbitrary code without authentication or       cause a partial denial of service condition.
  Workaround :

    There are no known workarounds at this time.

Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) :

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3462)

Security: Privileges unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3463)

Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3461)

Server: DDL unspecified vulnerability (CPU Apr 2017) :

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2017-3464)

Unsafe chmod/chown use in init script (CPU Jan 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). (CVE-2017-3265)

Server: Optimizer unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3309)

Server: DML unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (CVE-2017-3308)

Server: DML unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3456)

Server: Memcached unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3450)

Server: Optimizer unspecified vulnerability (CPU Apr 2017)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
(CVE-2017-3453)

Integer underflow in get_56_lenc_string() leading to DoS (CPU Apr 2017) :

An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon. (CVE-2017-3599)

This update for mysql-community-server to version 5.6.36 fixes the following issues :

These security issues were fixed :

  - CVE-2016-5483: Mysqldump failed to properly quote     certain identifiers in SQL statements written to the     dump output, allowing for execution of arbitrary     commands (bsc#1029014)

  - CVE-2017-3305: MySQL client sent authentication request     unencrypted even if SSL was required (aka Ridddle)     (bsc#1029396).

  - CVE-2017-3308: Unspecified vulnerability in Server: DML     (boo#1034850)

  - CVE-2017-3309: Unspecified vulnerability in Server:
    Optimizer (boo#1034850)

  - CVE-2017-3329: Unspecified vulnerability in Server:
    Thread (boo#1034850)

  - CVE-2017-3453: Unspecified vulnerability in Server:
    Optimizer (boo#1034850)

  - CVE-2017-3456: Unspecified vulnerability in Server: DML     (boo#1034850)

  - CVE-2017-3461: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3462: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3463: Unspecified vulnerability in Server:
    Security (boo#1034850)

  - CVE-2017-3464: Unspecified vulnerability in Server: DDL     (boo#1034850)

  - CVE-2017-3302: Crash in libmysqlclient.so (bsc#1022428).

  - CVE-2017-3450: Unspecified vulnerability Server:
    Memcached

  - CVE-2017-3452: Unspecified vulnerability Server:
    Optimizer

  - CVE-2017-3599: Unspecified vulnerability Server:
    Pluggable Auth

  - CVE-2017-3600: Unspecified vulnerability in Client:
    mysqldump (boo#1034850)

  - '--ssl-mode=REQUIRED' can be specified to require a     secure connection (it fails if a secure connection     cannot be obtained)

These non-security issues were fixed :

  - Set the default umask to 077 in mysql-systemd-helper     (boo#1020976)

  - Change permissions of the configuration dir/files to     755/644. Please note that storing the password in the     /etc/my.cnf file is not safe. Use for example an option     file that is accessible only by yourself (boo#889126)

For more information please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-36.html

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618 .html.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.18 and is affected by multiple issues :

 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3308)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3309)
 - An unspecified flaw exists related to the Thread Pooling subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3329)
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3331, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458)
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3450)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3452, CVE-2017-3453, CVE-2017-3459)
 - An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated attacker to have an impact on integrity and availability. No further details have been provided by the vendor. (CVE-2017-3454)
 - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3455, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3465)
 - An unspecified flaw exists related to the Audit Plug-in subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3460)
 - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3464)
 - An unspecified flaw exists related to the C API subcomponent. This may allow a remote attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2017-3467)
 - An unspecified flaw exists related to the Security: Encryption subcomponent. This may allow an authenticated attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3468)
 - An unspecified flaw exists related to the Pluggable Auth subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3599)
 - An unspecified flaw exists related to the Client mysqldump subcomponent. This may allow an authenticated attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2017-3600)

The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.36 and is affected by multiple issues :

 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3308)
 - An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)
 - An unspecified flaw exists related to the Thread Pooling subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3329)
 - An unspecified flaw exists related to the Memcached subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3450)
 - An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3456)
 - An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)
 - An unspecified flaw exists related to the DDL subcomponent. This may allow an authenticated attacker to have an unspecified impact on integrity. No further details have been provided by the vendor. (CVE-2017-3464)
 - An unspecified flaw exists related to the Pluggable Auth subcomponent. This may allow a remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2017-3599)
 - An unspecified flaw exists related to the Client mysqldump subcomponent. This may allow an authenticated attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2017-3600)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. Note that CVE-2017-3331     only affects versions 5.7.11 to 5.7.17. (CVE-2017-3308,     CVE-2017-3331, CVE-2017-3456, CVE-2017-3457,     CVE-2017-3458)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to insert     and delete data contained in the database or cause a     denial of service condition. (CVE-2017-3454)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to insert or delete data contained in the     database or disclose sensitive information.
    (CVE-2017-3455)

  - An unspecified flaw exists in the Audit Plug-in     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3460)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3465)

  - An unspecified flaw exists in the C API subcomponent     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-3467)

  - An unspecified flaw exists in the 'Security: Encryption'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3468)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists in the     mysql_prune_stmt_list() function in client.c that allows     an authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3302)

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - An authentication information disclosure vulnerability,     known as Riddle, exists due to authentication being     performed prior to security parameter verification. A     man-in-the-middle (MitM) attacker can exploit this     vulnerability to disclose sensitive authentication     information, which the attacker can later use for     authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3331, CVE-2017-3456, CVE-2017-3457,     CVE-2017-3458)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - An unspecified flaw exists in the InnoDB subcomponent     that allows an authenticated, remote attacker to insert     and delete data contained in the database or cause a     denial of service condition. (CVE-2017-3454)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to insert or delete data contained in the     database or disclose sensitive information.
    (CVE-2017-3455)

  - An unspecified flaw exists in the Audit Plug-in     subcomponent that allows an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3460)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Security: Privileges'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3465)

  - An unspecified flaw exists in the C API subcomponent     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2017-3467)

  - An unspecified flaw exists in the 'Security: Encryption'     subcomponent that allows an authenticated, remote     attacker to update, insert, or delete data contained in     the database. (CVE-2017-3468)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL     component in the Broadwell-specific Montgomery     multiplication procedure when handling input lengths     divisible by but longer than 256 bits. This can result     in transient authentication and key negotiation failures     or reproducible erroneous outcomes of public-key     operations with specially crafted input. A     man-in-the-middle attacker can possibly exploit this     issue to compromise ECDH key negotiations that utilize     Brainpool P-512 curves. (CVE-2016-7055)

  - An authentication information disclosure vulnerability,     known as Riddle, exists due to authentication being     performed prior to security parameter verification. A     man-in-the-middle (MitM) attacker can exploit this     vulnerability to disclose sensitive authentication     information, which the attacker can later use for     authenticating to the server. (CVE-2017-3305)

  - Multiple unspecified flaws exist in the DML subcomponent     that allow an authenticated, remote attacker to cause a     denial of service condition. (CVE-2017-3308,     CVE-2017-3456)

  - Multiple unspecified flaws exist in the Optimizer     subcomponent that allow an authenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)

  - An unspecified flaw exists in the Thread Pooling     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-3450)

  - Multiple unspecified flaws exist in the     'Security: Privileges' subcomponent that allow an     authenticated, remote attacker to cause a denial of     service condition. (CVE-2017-3461, CVE-2017-3462,     CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that     allows an authenticated, remote attacker to update,     insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the Pluggable Auth     subcomponent that allows an unauthenticated, remote     attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'     subcomponent that allows an authenticated, remote     attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL     component when handling packets using the     CHACHA20/POLY1305 or RC4-MD5 ciphers. An     unauthenticated, remote attacker can exploit this, via     specially crafted truncated packets, to cause a denial     of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL     component in the x86_64 Montgomery squaring     implementation that may cause the BN_mod_exp() function     to produce incorrect results. An unauthenticated, remote     attacker with sufficient resources can exploit this to     obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Oracle reports :

This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

ID	Name	Product	Family	Severity
106885	GLSA-201802-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100275	Amazon Linux AMI : mysql56 (ALAS-2017-830)	Nessus	Amazon Linux Local Security Checks	high
100039	openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle)	Nessus	SuSE Local Security Checks	high
99723	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle)	Nessus	Ubuntu Local Security Checks	high
700064	Oracle MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700063	Oracle MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
99516	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99515	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99513	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99512	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99497	FreeBSD : MySQL -- multiple vulnerabilities (d9e01c35-2531-11e7-b291-b499baebfeaf) (Riddle)	Nessus	FreeBSD Local Security Checks	high

CVE-2017-3599

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins