Vulnerabilities > CVE-2017-10286

047910
CVSS 4.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
high complexity
oracle
netapp
mariadb
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
62
Application
Netapp
23
Application
Mariadb
66

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3459-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104120
    published2017-10-24
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104120
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3459-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3459-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104120);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10165", "CVE-2017-10167", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10311", "CVE-2017-10313", "CVE-2017-10314", "CVE-2017-10320", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"USN", value:"3459-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3459-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in MySQL and this update
    includes new upstream MySQL versions to fix these issues.
    
    MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04
    LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20.
    
    In addition to security fixes, the updated packages contain bug fixes,
    new features, and possibly incompatible changes.
    
    Please see the following for more information:
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
    http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626
    .html.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3459-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mysql-server-5.5 and / or mysql-server-5.7
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.58-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.17.04.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"mysql-server-5.7", pkgver:"5.7.20-0ubuntu0.17.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5 / mysql-server-5.7");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-9E28C78E07.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2018-01-15
    plugin id105938
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105938
    titleFedora 27 : community-mysql (2017-9e28c78e07)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-9e28c78e07.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105938);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10279", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"FEDORA", value:"2017-9e28c78e07");
    
      script_name(english:"Fedora 27 : community-mysql (2017-9e28c78e07)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A quarter year regular dose of fixed CVE's.
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    
    .
    
    rhbz#1497694 :
    
    Fix owner and perms on log file in post script
    
    CVE fixes: rhbz#1503701
    
    CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
    CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294
    CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
    
    Others :
    
    Move all test binaries to -test package Dont ship unneeded man pages
    on systemd platforms Remove mysql_config_editor from -devel package,
    shipped in client
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9e28c78e07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected community-mysql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"community-mysql-5.7.20-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-50C790AAED.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2017-11-07
    plugin id104416
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104416
    titleFedora 26 : community-mysql (2017-50c790aaed)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-50c790aaed.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104416);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10155", "CVE-2017-10227", "CVE-2017-10268", "CVE-2017-10276", "CVE-2017-10279", "CVE-2017-10283", "CVE-2017-10286", "CVE-2017-10294", "CVE-2017-10314", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10384");
      script_xref(name:"FEDORA", value:"2017-50c790aaed");
    
      script_name(english:"Fedora 26 : community-mysql (2017-50c790aaed)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A quarter year regular dose of fixed CVE's.
    https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html
    
    .
    
    rhbz#1497694 :
    
    Fix owner and perms on log file in post script
    
    CVE fixes: rhbz#1503701
    
    CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276
    CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294
    CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
    
    Others :
    
    Move all test binaries to -test package Dont ship unneeded man pages
    on systemd platforms Remove mysql_config_editor from -devel package,
    shipped in client
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-50c790aaed"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected community-mysql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:community-mysql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"community-mysql-5.7.20-1.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "community-mysql");
    }
    
  • NASL familyDatabases
    NASL idMARIADB_10_1_27.NASL
    descriptionThe version of MariaDB running on the remote host is prior to 10.0.x prior to 10.0.33 or 10.1.x prior to 10.1.27. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id105076
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105076
    titleMariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105076);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id(
        "CVE-2017-3308",
        "CVE-2017-3309",
        "CVE-2017-3453",
        "CVE-2017-3456",
        "CVE-2017-3464",
        "CVE-2017-3636",
        "CVE-2017-3641",
        "CVE-2017-3653",
        "CVE-2017-10286",
        "CVE-2017-10379",
        "CVE-2017-10384"
      );
      script_bugtraq_id(
        97725,
        97742,
        97776,
        97818,
        97831,
        99736,
        99767,
        99810,
        101397,
        101406,
        101415
      );
    
      script_name(english:"MariaDB 10.0.x < 10.0.33 / 10.1.x < 10.1.27 Multiple Vulnerabilities");
      script_summary(english:"Checks the MariaDB version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of MariaDB running on the remote host is prior to
    10.0.x prior to 10.0.33 or 10.1.x prior to 10.1.27. It is, therefore,
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10033-changelog/");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10127-changelog/");
      script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/security/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MariaDB version 10.0.33 / 10.1.27 or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3636");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(variant:'MariaDB', fixed:make_list('10.0.33-MariaDB', '10.1.27-MariaDB'), severity:SECURITY_WARNING);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201802-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id106885
    published2018-02-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106885
    titleGLSA-201802-04 : MySQL: Multiple vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_7_20.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.20. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id104050
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104050
    titleMySQL 5.7.x < 5.7.20 Multiple Vulnerabilities (October 2017 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_6_38.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.38. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id104049
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104049
    titleMySQL 5.6.x < 5.6.38 Multiple Vulnerabilities (October 2017 CPU)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-926.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2017-10379) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10378) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10283) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10227) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10294) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10155) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10314) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-10276) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10286) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.(CVE-2017-10279)
    last seen2020-06-01
    modified2020-06-02
    plugin id105050
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105050
    titleAmazon Linux AMI : mysql56 / mysql57 (ALAS-2017-926)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C41BEDFDB3F911E7AC58B499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id103954
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103954
    titleFreeBSD : MySQL -- multiple vulnerabilities (c41bedfd-b3f9-11e7-ac58-b499baebfeaf)
  • NASL familyDatabases
    NASL idMYSQL_5_6_38_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.38. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-10-19
    plugin id103966
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103966
    titleMySQL 5.6.x < 5.6.38 Multiple Vulnerabilities (RPM Check) (October 2017 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1196.NASL
    descriptionThis update for mysql-community-server to 5.6.38 fixes the following issues : Full list of changes : http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed : - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes : - add
    last seen2020-06-05
    modified2017-10-30
    plugin id104234
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104234
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2017-1196)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-95327E44EC.NASL
    descriptionA quarter year regular dose of fixed CVE
    last seen2020-06-05
    modified2017-11-07
    plugin id104419
    published2017-11-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104419
    titleFedora 25 : community-mysql (2017-95327e44ec)
  • NASL familyDatabases
    NASL idMYSQL_5_7_20_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.20. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-10-19
    plugin id103967
    published2017-10-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103967
    titleMySQL 5.7.x < 5.7.20 Multiple Vulnerabilities (RPM Check) (Oct 2017 CPU)

Redhat

advisories
  • rhsa
    idRHSA-2017:3265
  • rhsa
    idRHSA-2017:3442
  • rhsa
    idRHSA-2018:0279
  • rhsa
    idRHSA-2018:0574
rpms
  • rh-mysql56-mysql-0:5.6.38-1.el6
  • rh-mysql56-mysql-0:5.6.38-1.el7
  • rh-mysql56-mysql-bench-0:5.6.38-1.el6
  • rh-mysql56-mysql-bench-0:5.6.38-1.el7
  • rh-mysql56-mysql-common-0:5.6.38-1.el6
  • rh-mysql56-mysql-common-0:5.6.38-1.el7
  • rh-mysql56-mysql-config-0:5.6.38-1.el6
  • rh-mysql56-mysql-config-0:5.6.38-1.el7
  • rh-mysql56-mysql-debuginfo-0:5.6.38-1.el6
  • rh-mysql56-mysql-debuginfo-0:5.6.38-1.el7
  • rh-mysql56-mysql-devel-0:5.6.38-1.el6
  • rh-mysql56-mysql-devel-0:5.6.38-1.el7
  • rh-mysql56-mysql-errmsg-0:5.6.38-1.el6
  • rh-mysql56-mysql-errmsg-0:5.6.38-1.el7
  • rh-mysql56-mysql-server-0:5.6.38-1.el6
  • rh-mysql56-mysql-server-0:5.6.38-1.el7
  • rh-mysql56-mysql-test-0:5.6.38-1.el6
  • rh-mysql56-mysql-test-0:5.6.38-1.el7
  • rh-mysql57-mysql-0:5.7.20-1.el6
  • rh-mysql57-mysql-0:5.7.20-1.el7
  • rh-mysql57-mysql-common-0:5.7.20-1.el6
  • rh-mysql57-mysql-common-0:5.7.20-1.el7
  • rh-mysql57-mysql-config-0:5.7.20-1.el6
  • rh-mysql57-mysql-config-0:5.7.20-1.el7
  • rh-mysql57-mysql-debuginfo-0:5.7.20-1.el6
  • rh-mysql57-mysql-debuginfo-0:5.7.20-1.el7
  • rh-mysql57-mysql-devel-0:5.7.20-1.el6
  • rh-mysql57-mysql-devel-0:5.7.20-1.el7
  • rh-mysql57-mysql-errmsg-0:5.7.20-1.el6
  • rh-mysql57-mysql-errmsg-0:5.7.20-1.el7
  • rh-mysql57-mysql-server-0:5.7.20-1.el6
  • rh-mysql57-mysql-server-0:5.7.20-1.el7
  • rh-mysql57-mysql-test-0:5.7.20-1.el6
  • rh-mysql57-mysql-test-0:5.7.20-1.el7
  • rh-mariadb100-mariadb-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-bench-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-bench-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-common-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-common-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-config-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-config-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-devel-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-devel-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-server-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-server-1:10.0.33-3.el7
  • rh-mariadb100-mariadb-test-1:10.0.33-3.el6
  • rh-mariadb100-mariadb-test-1:10.0.33-3.el7
  • rh-mariadb101-galera-0:25.3.12-12.el6
  • rh-mariadb101-galera-0:25.3.12-12.el7
  • rh-mariadb101-galera-debuginfo-0:25.3.12-12.el6
  • rh-mariadb101-galera-debuginfo-0:25.3.12-12.el7
  • rh-mariadb101-mariadb-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-bench-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-bench-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-common-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-common-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-config-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-config-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-devel-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-devel-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-server-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-server-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el7
  • rh-mariadb101-mariadb-test-1:10.1.29-3.el6
  • rh-mariadb101-mariadb-test-1:10.1.29-3.el7