Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB;
Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB
Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-
based logging, allows local users with access to the mysql account to gain root privileges via a symlink
attack on error logs and possibly other files. (CVE-2016-6664)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported
versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily
exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5
(Availability impacts). (CVE-2017-3238)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported
versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high
privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). (CVE-2017-3243)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported
versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily
exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5
(Availability impacts). (CVE-2017-3244)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/18/2016
Reference Information
CVE: CVE-2016-6664, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3312, CVE-2017-3317, CVE-2017-3318
BID: 93612, 95491, 95501, 95520, 95538, 95560, 95565, 95571, 95585, 95588, 95589