Vulnerabilities > CVE-2017-3469 - Remote Security vulnerability in Oracle MySQL Workbench

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

oracle

nessus

NVD

Published: 2017-04-24

Updated: 2019-10-03

Summary

Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql Workbench 5.2.47 Oracle Mysql Workbench 6.0.9 Oracle Mysql Workbench 6.1.7 Oracle Mysql Workbench 6.2.5 Oracle Mysql Workbench 6.3.8	5

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-671.NASL
description	This update for mysql-connector-cpp and mysql-workbench fixes the following issues : Mysql-connector-cpp was updated to version 1.1.8 : - See the news files on https://dev.mysql.com/doc/relnotes/connector-cpp/en/ Mysql-workbench was updated to version 6.3.9 : - https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html - https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html - resolves CVE-2017-3469 (boo#1035195)
last seen	2020-06-05
modified	2017-06-12
plugin id	100738
published	2017-06-12
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/100738
title	openSUSE Security Update : mysql-connector-cpp / mysql-workbench (openSUSE-2017-671)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-671. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(100738); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-3469"); script_name(english:"openSUSE Security Update : mysql-connector-cpp / mysql-workbench (openSUSE-2017-671)"); script_summary(english:"Check for the openSUSE-2017-671 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for mysql-connector-cpp and mysql-workbench fixes the following issues : Mysql-connector-cpp was updated to version 1.1.8 : - See the news files on https://dev.mysql.com/doc/relnotes/connector-cpp/en/ Mysql-workbench was updated to version 6.3.9 : - https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html - https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html - resolves CVE-2017-3469 (boo#1035195)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1035195" ); script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/connector-cpp/en/" ); script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-8.html" ); script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-3-9.html" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql-connector-cpp / mysql-workbench packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlcppconn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlcppconn7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysqlcppconn7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-connector-cpp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-workbench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-workbench-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-workbench-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libmysqlcppconn-devel-1.1.8-5.3.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysqlcppconn7-1.1.8-5.3.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysqlcppconn7-debuginfo-1.1.8-5.3.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-connector-cpp-debugsource-1.1.8-5.3.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"mysql-workbench-6.3.9-2.5.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"mysql-workbench-debuginfo-6.3.9-2.5.2") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"mysql-workbench-debugsource-6.3.9-2.5.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysqlcppconn-devel / libmysqlcppconn7 / etc"); }

Summary

Vulnerable Configurations

Nessus

References