CVE-2017-3641

MEDIUM

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

http://www.debian.org/security/2017/dsa-3922

http://www.debian.org/security/2017/dsa-3944

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securityfocus.com/bid/99767

http://www.securitytracker.com/id/1038928

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:0574

https://access.redhat.com/errata/RHSA-2018:2439

https://access.redhat.com/errata/RHSA-2018:2729

https://www.debian.org/security/2017/dsa-3955

Details

Source: MITRE

Published: 2017-08-08

Updated: 2019-05-22

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.56 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.36 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.18 (inclusive)

ID	Name	Product	Family	Severity
127203	NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)	Nessus	NewStart CGSL Local Security Checks	high
124994	EulerOS Virtualization for ARM 64 3.0.1.0 : mariadb (EulerOS-SA-2019-1541)	Nessus	Huawei Local Security Checks	medium
118434	EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)	Nessus	Huawei Local Security Checks	medium
118425	EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)	Nessus	Huawei Local Security Checks	medium
117746	EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)	Nessus	Huawei Local Security Checks	medium
117745	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)	Nessus	Huawei Local Security Checks	high
117592	Amazon Linux 2 : mariadb (ALAS-2018-1078)	Nessus	Amazon Linux Local Security Checks	high
112020	CentOS 7 : mariadb (CESA-2018:2439)	Nessus	CentOS Local Security Checks	high
111806	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
111802	RHEL 7 : mariadb (RHSA-2018:2439)	Nessus	Red Hat Local Security Checks	high
111800	Oracle Linux 7 : mariadb (ELSA-2018-2439)	Nessus	Oracle Linux Local Security Checks	high
106885	GLSA-201802-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
106062	openSUSE Security Update : mariadb (openSUSE-2018-33)	Nessus	SuSE Local Security Checks	medium
106048	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:0079-1)	Nessus	SuSE Local Security Checks	medium
105077	MariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities	Nessus	Databases	medium
105076	MariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities	Nessus	Databases	medium
104375	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:2921-1)	Nessus	SuSE Local Security Checks	medium
103090	Slackware 14.1 / 14.2 : mariadb (SSA:2017-251-02)	Nessus	Slackware Local Security Checks	medium
102876	Amazon Linux AMI : mysql56 (ALAS-2017-888)	Nessus	Amazon Linux Local Security Checks	medium
102875	Amazon Linux AMI : mysql55 (ALAS-2017-887)	Nessus	Amazon Linux Local Security Checks	medium
102839	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2290-1)	Nessus	SuSE Local Security Checks	medium
102791	Debian DSA-3955-1 : mariadb-10.1 - security update	Nessus	Debian Local Security Checks	medium
700187	Oracle MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700186	Oracle MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700185	Oracle MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
102529	Debian DSA-3944-1 : mariadb-10.0 - security update	Nessus	Debian Local Security Checks	medium
102329	Fedora 26 : community-mysql (2017-ee93493bea)	Nessus	Fedora Local Security Checks	medium
102328	Fedora 25 : community-mysql (2017-7c039552fa)	Nessus	Fedora Local Security Checks	medium
102056	openSUSE Security Update : mysql-community-server (openSUSE-2017-866)	Nessus	SuSE Local Security Checks	medium
102046	Debian DSA-3922-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
102041	Debian DLA-1043-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
101979	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101978	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101977	MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)	Nessus	Databases	medium
101892	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)	Nessus	Ubuntu Local Security Checks	medium
101828	FreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
101821	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)	Nessus	Databases	medium
101820	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101819	MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)	Nessus	Databases	high