Vulnerabilities > CVE-2017-3257 - Improper Privilege Management vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2017-01-27

Updated: 2022-08-01

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql 5.6.0 Oracle Mysql 5.6.1 Oracle Mysql 5.6.2 Oracle Mysql 5.6.3 Oracle Mysql 5.6.4 Oracle Mysql 5.6.5 Oracle Mysql 5.6.6 Oracle Mysql 5.6.7 Oracle Mysql 5.6.8 Oracle Mysql 5.6.9 Oracle Mysql 5.6.10 Oracle Mysql 5.6.11 Oracle Mysql 5.6.12 Oracle Mysql 5.6.13 Oracle Mysql 5.6.14 Oracle Mysql 5.6.15 Oracle Mysql 5.6.16 Oracle Mysql 5.6.17 Oracle Mysql 5.6.18 Oracle Mysql 5.6.19 Oracle Mysql 5.6.20 Oracle Mysql 5.6.21 Oracle Mysql 5.6.22 Oracle Mysql 5.6.23 Oracle Mysql 5.6.24 Oracle Mysql 5.6.25 Oracle Mysql 5.6.26 Oracle Mysql 5.6.27 Oracle Mysql 5.6.28 Oracle Mysql 5.6.29 Oracle Mysql 5.6.30 Oracle Mysql 5.6.31 Oracle Mysql 5.6.32 Oracle Mysql 5.6.33 Oracle Mysql 5.6.34 Oracle Mysql 5.7.0 Oracle Mysql 5.7.1 Oracle Mysql 5.7.2 Oracle Mysql 5.7.3 Oracle Mysql 5.7.4 Oracle Mysql 5.7.5 Oracle Mysql 5.7.6 Oracle Mysql 5.7.7 Oracle Mysql 5.7.8 Oracle Mysql 5.7.9 Oracle Mysql 5.7.10 Oracle Mysql 5.7.11 Oracle Mysql 5.7.12 Oracle Mysql 5.7.13 Oracle Mysql 5.7.14 Oracle Mysql 5.7.15 Oracle Mysql 5.7.16	56
Application	Mariadb Mariadb Mariadb 10.1.0 Mariadb Mariadb 10.1.1 Mariadb Mariadb 10.1.2 Mariadb Mariadb 10.1.3 Mariadb Mariadb 10.1.4 Mariadb Mariadb 10.1.5 Mariadb Mariadb 10.1.6 Mariadb Mariadb 10.1.7 Mariadb Mariadb 10.1.8 Mariadb Mariadb 10.1.9 Mariadb Mariadb 10.1.10 Mariadb Mariadb 10.1.11 Mariadb Mariadb 10.1.12 Mariadb Mariadb 10.1.13 Mariadb Mariadb 10.1.14 Mariadb Mariadb 10.1.15 Mariadb Mariadb 10.1.16 Mariadb Mariadb 10.1.17 Mariadb Mariadb 10.1.18 Mariadb Mariadb 10.1.19 Mariadb Mariadb 10.1.20 Mariadb Mariadb 10.0.0 Mariadb Mariadb 10.0.1 Mariadb Mariadb 10.0.2 Mariadb Mariadb 10.0.3 Mariadb Mariadb 10.0.4 Mariadb Mariadb 10.0.5 Mariadb Mariadb 10.0.6 Mariadb Mariadb 10.0.7 Mariadb Mariadb 10.0.8 Mariadb Mariadb 10.0.9 Mariadb Mariadb 10.0.10 Mariadb Mariadb 10.0.11 Mariadb Mariadb 10.0.12 Mariadb Mariadb 10.0.13 Mariadb Mariadb 10.0.14 Mariadb Mariadb 10.0.15 Mariadb Mariadb 10.0.16 Mariadb Mariadb 10.0.17 Mariadb Mariadb 10.0.18 Mariadb Mariadb 10.0.19 Mariadb Mariadb 10.0.20 Mariadb Mariadb 10.0.21 Mariadb Mariadb 10.0.22 Mariadb Mariadb 10.0.23 Mariadb Mariadb 10.0.24 Mariadb Mariadb 10.0.25 Mariadb Mariadb 10.0.26 Mariadb Mariadb 10.0.27 Mariadb Mariadb 10.0.28 Mariadb Mariadb 10.2.0 Mariadb Mariadb 10.2.1 Mariadb Mariadb 10.2.2 Mariadb Mariadb 10.2.3 Mariadb Mariadb 10.2.4 Mariadb Mariadb 10.2.5 Mariadb Mariadb 10.2.6 Mariadb Mariadb 10.2.7	58
OS	Debian Debian Debian Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-269 - Improper Privilege Management

Common Attack Pattern Enumeration and Classification (CAPEC)

Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.

Nessus

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-790.NASL
description	The following security-related issues were fixed : CVE-2016-8318 Server: Security: Encryption unspecified vulnerability CVE-2016-8327 Server: Replication unspecified vulnerability CVE-2017-3238 Server: Optimizer unspecified vulnerability CVE-2017-3244 Server: DML unspecified vulnerability CVE-2017-3257 Server: InnoDB unspecified vulnerability CVE-2017-3258 Server: DDL unspecified vulnerability CVE-2017-3273 Server: DDL unspecified vulnerability CVE-2017-3313 Server: MyISAM unspecified vulnerability CVE-2017-3317 Logging unspecified vulnerability CVE-2017-3318 Server: Error Handling unspecified vulnerability
last seen	2020-06-01
modified	2020-06-02
plugin id	96808
published	2017-01-27
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96808
title	Amazon Linux AMI : mysql56 (ALAS-2017-790)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2017-018-01.NASL
description	New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96612
published	2017-01-19
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96612
title	Slackware 14.1 / 14.2 / current : mariadb (SSA:2017-018-01)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-258.NASL
description	mysql-community-server was updated to version 5.6.35 to fix bugs and security issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 35.html - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896]
last seen	2020-06-05
modified	2017-02-21
plugin id	97278
published	2017-02-21
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97278
title	openSUSE Security Update : mysql-community-server (openSUSE-2017-258)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_4D2F9D09DDB711E6A9A5B499BAEBFEAF.NASL
description	Oracle reports : No further details have been provided in the Critical Patch Update
last seen	2020-06-01
modified	2020-06-02
plugin id	96618
published	2017-01-19
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96618
title	FreeBSD : mysql -- multiple vulnerabilities (4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0412-1.NASL
description	This mariadb version update to 10.0.29 fixes the following issues : - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe
last seen	2020-06-01
modified	2020-06-02
plugin id	97064
published	2017-02-08
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97064
title	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2017:0412-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201702-18.NASL
description	The remote host is affected by the vulnerability described in GLSA-201702-18 (MariaDB: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly escalate privileges, gain access to critical data or complete access to all MariaDB Server accessible data, or cause a Denial of Service condition via unspecified vectors. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	97261
published	2017-02-21
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97261
title	GLSA-201702-18 : MariaDB: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0411-1.NASL
description	This mariadb version update to 10.0.29 fixes the following issues : - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe
last seen	2020-06-01
modified	2020-06-02
plugin id	97063
published	2017-02-08
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97063
title	SUSE SLES12 Security Update : mariadb (SUSE-SU-2017:0411-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3770.NASL
description	Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10029-release- notes/
last seen	2020-06-01
modified	2020-06-02
plugin id	96669
published	2017-01-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96669
title	Debian DSA-3770-1 : mariadb-10.0 - security update

NASL family	Databases
NASL id	MYSQL_5_7_17_RPM.NASL
description	The version of MySQL running on the remote host is 5.7.x prior to 5.7.17. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8318) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8327) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238, CVE-2017-3251) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3256) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273) - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313) - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318) - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3319) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3320) - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3646) - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the
last seen	2020-06-04
modified	2016-12-15
plugin id	95881
published	2016-12-15
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95881
title	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)

NASL family	Databases
NASL id	MYSQL_5_6_35_RPM.NASL
description	The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8318) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8327) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273) - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313) - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318) - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the
last seen	2020-06-04
modified	2016-12-15
plugin id	95879
published	2016-12-15
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95879
title	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-315.NASL
description	mysql-community-server was updated to version 5.6.35 to fix bugs and security issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 35.html - Fixed CVEs: CVE-2016-8318 [boo#1020872], CVE-2017-3312 [boo#1020873], CVE-2017-3258 [boo#1020875], CVE-2017-3273 [boo#1020876], CVE-2017-3244 [boo#1020877], CVE-2017-3257 [boo#1020878], CVE-2017-3238 [boo#1020882], CVE-2017-3291 [boo#1020884], CVE-2017-3265 [boo#1020885], CVE-2017-3313 [boo#1020890], CVE-2016-8327 [boo#1020893], CVE-2017-3317 [boo#1020894], CVE-2017-3318 [boo#1020896]
last seen	2020-06-05
modified	2017-03-07
plugin id	97569
published	2017-03-07
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97569
title	openSUSE Security Update : mysql-community-server (openSUSE-2017-315)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-257.NASL
description	This mariadb version update to 10.0.29 fixes the following issues : - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe
last seen	2020-06-05
modified	2017-02-21
plugin id	97277
published	2017-02-21
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97277
title	openSUSE Security Update : mariadb (openSUSE-2017-257)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201702-17.NASL
description	The remote host is affected by the vulnerability described in GLSA-201702-17 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition via unspecified vectors. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	97260
published	2017-02-21
reporter	This script is Copyright (C) 2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/97260
title	GLSA-201702-17 : MySQL: Multiple vulnerabilities

NASL family	Databases
NASL id	MYSQL_5_7_17.NASL
description	The version of MySQL running on the remote host is 5.7.x prior to 5.7.17. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8318) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8327) - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238, CVE-2017-3251) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3256) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273) - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313) - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318) - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3319) - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2017-3320) - An unspecified flaw exists in the X Plugin subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3646) - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the
last seen	2020-06-01
modified	2020-06-02
plugin id	95880
published	2016-12-15
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95880
title	MySQL 5.7.x < 5.7.17 Multiple Vulnerabilities (January 2017 CPU) (July 2017 CPU)

NASL family	Databases
NASL id	MYSQL_5_6_35.NASL
description	The version of MySQL running on the remote host is 5.6.x prior to 5.6.35. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8318) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-8327) - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3238) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3244) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3257) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3258) - An unspecified flaw exists in the Packaging subcomponent that allows a local attacker to impact confidentiality and availability. (CVE-2017-3265) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3273) - Multiple unspecified flaws exist in the Packaging subcomponent that allow a local attacker to gain elevated privileges. (CVE-2017-3291, CVE-2017-3312) - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3313) - An unspecified flaw exists in the Logging subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2017-3317) - An unspecified flaw exists in the Error Handling subcomponent that allows a local attacker to disclose sensitive information. (CVE-2017-3318) - A local privilege escalation vulnerability exists in the mysqld_safe component due to unsafe use of the
last seen	2020-06-01
modified	2020-06-02
plugin id	95878
published	2016-12-15
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95878
title	MySQL 5.6.x < 5.6.35 Multiple Vulnerabilities (January 2017 CPU)

Redhat

advisories

rhsa
id RHSA-2017:2787
rhsa
id RHSA-2017:2886
rhsa
id RHSA-2018:0279
rhsa
id RHSA-2018:0574

rpms

rh-mysql56-mysql-0:5.6.37-5.el6
rh-mysql56-mysql-0:5.6.37-5.el7
rh-mysql56-mysql-bench-0:5.6.37-5.el6
rh-mysql56-mysql-bench-0:5.6.37-5.el7
rh-mysql56-mysql-common-0:5.6.37-5.el6
rh-mysql56-mysql-common-0:5.6.37-5.el7
rh-mysql56-mysql-config-0:5.6.37-5.el6
rh-mysql56-mysql-config-0:5.6.37-5.el7
rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6
rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7
rh-mysql56-mysql-devel-0:5.6.37-5.el6
rh-mysql56-mysql-devel-0:5.6.37-5.el7
rh-mysql56-mysql-errmsg-0:5.6.37-5.el6
rh-mysql56-mysql-errmsg-0:5.6.37-5.el7
rh-mysql56-mysql-server-0:5.6.37-5.el6
rh-mysql56-mysql-server-0:5.6.37-5.el7
rh-mysql56-mysql-test-0:5.6.37-5.el6
rh-mysql56-mysql-test-0:5.6.37-5.el7
rh-mysql57-mysql-0:5.7.19-6.el6
rh-mysql57-mysql-0:5.7.19-6.el7
rh-mysql57-mysql-common-0:5.7.19-6.el6
rh-mysql57-mysql-common-0:5.7.19-6.el7
rh-mysql57-mysql-config-0:5.7.19-6.el6
rh-mysql57-mysql-config-0:5.7.19-6.el7
rh-mysql57-mysql-debuginfo-0:5.7.19-6.el6
rh-mysql57-mysql-debuginfo-0:5.7.19-6.el7
rh-mysql57-mysql-devel-0:5.7.19-6.el6
rh-mysql57-mysql-devel-0:5.7.19-6.el7
rh-mysql57-mysql-errmsg-0:5.7.19-6.el6
rh-mysql57-mysql-errmsg-0:5.7.19-6.el7
rh-mysql57-mysql-server-0:5.7.19-6.el6
rh-mysql57-mysql-server-0:5.7.19-6.el7
rh-mysql57-mysql-test-0:5.7.19-6.el6
rh-mysql57-mysql-test-0:5.7.19-6.el7
rh-mariadb100-mariadb-1:10.0.33-3.el6
rh-mariadb100-mariadb-1:10.0.33-3.el7
rh-mariadb100-mariadb-bench-1:10.0.33-3.el6
rh-mariadb100-mariadb-bench-1:10.0.33-3.el7
rh-mariadb100-mariadb-common-1:10.0.33-3.el6
rh-mariadb100-mariadb-common-1:10.0.33-3.el7
rh-mariadb100-mariadb-config-1:10.0.33-3.el6
rh-mariadb100-mariadb-config-1:10.0.33-3.el7
rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el6
rh-mariadb100-mariadb-debuginfo-1:10.0.33-3.el7
rh-mariadb100-mariadb-devel-1:10.0.33-3.el6
rh-mariadb100-mariadb-devel-1:10.0.33-3.el7
rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el6
rh-mariadb100-mariadb-errmsg-1:10.0.33-3.el7
rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el6
rh-mariadb100-mariadb-oqgraph-engine-1:10.0.33-3.el7
rh-mariadb100-mariadb-server-1:10.0.33-3.el6
rh-mariadb100-mariadb-server-1:10.0.33-3.el7
rh-mariadb100-mariadb-test-1:10.0.33-3.el6
rh-mariadb100-mariadb-test-1:10.0.33-3.el7
rh-mariadb101-galera-0:25.3.12-12.el6
rh-mariadb101-galera-0:25.3.12-12.el7
rh-mariadb101-galera-debuginfo-0:25.3.12-12.el6
rh-mariadb101-galera-debuginfo-0:25.3.12-12.el7
rh-mariadb101-mariadb-1:10.1.29-3.el6
rh-mariadb101-mariadb-1:10.1.29-3.el7
rh-mariadb101-mariadb-bench-1:10.1.29-3.el6
rh-mariadb101-mariadb-bench-1:10.1.29-3.el7
rh-mariadb101-mariadb-common-1:10.1.29-3.el6
rh-mariadb101-mariadb-common-1:10.1.29-3.el7
rh-mariadb101-mariadb-config-1:10.1.29-3.el6
rh-mariadb101-mariadb-config-1:10.1.29-3.el7
rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el6
rh-mariadb101-mariadb-debuginfo-1:10.1.29-3.el7
rh-mariadb101-mariadb-devel-1:10.1.29-3.el6
rh-mariadb101-mariadb-devel-1:10.1.29-3.el7
rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el6
rh-mariadb101-mariadb-errmsg-1:10.1.29-3.el7
rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el6
rh-mariadb101-mariadb-oqgraph-engine-1:10.1.29-3.el7
rh-mariadb101-mariadb-server-1:10.1.29-3.el6
rh-mariadb101-mariadb-server-1:10.1.29-3.el7
rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el6
rh-mariadb101-mariadb-server-galera-1:10.1.29-3.el7
rh-mariadb101-mariadb-test-1:10.1.29-3.el6
rh-mariadb101-mariadb-test-1:10.1.29-3.el7