Vulnerabilities > CVE-2017-3633 - Unspecified vulnerability in Oracle Mysql
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
HIGH Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).
Vulnerable Configurations
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-888.NASL description Server: Charsets unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3648) Server: Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3649) Client mysqldump unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3653) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3641) Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3647) Server: Memcached unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3633) C API unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. (CVE-2017-3635) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3634) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (CVE-2017-3652) last seen 2020-06-01 modified 2020-06-02 plugin id 102876 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102876 title Amazon Linux AMI : mysql56 (ALAS-2017-888) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-888. # include("compat.inc"); if (description) { script_id(102876); script_version("3.4"); script_cvs_date("Date: 2019/07/10 16:04:12"); script_cve_id("CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"); script_xref(name:"ALAS", value:"2017-888"); script_name(english:"Amazon Linux AMI : mysql56 (ALAS-2017-888)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Server: Charsets unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3648) Server: Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3649) Client mysqldump unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3653) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3641) Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3647) Server: Memcached unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3633) C API unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. (CVE-2017-3635) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3634) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (CVE-2017-3652)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-888.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update mysql56' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-embedded-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-errmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql56-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"mysql56-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-bench-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-common-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-debuginfo-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-devel-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-embedded-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-embedded-devel-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-errmsg-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-libs-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-server-5.6.37-1.26.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"mysql56-test-5.6.37-1.26.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc"); }NASL family Databases NASL id MYSQL_5_6_37_RPM.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10279) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-04 modified 2017-07-26 plugin id 101978 published 2017-07-26 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101978 title MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(101978); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/03"); script_cve_id( "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3731", "CVE-2017-10279" ); script_bugtraq_id( 95813, 99722, 99729, 99730, 99736, 99767, 99789, 99796, 99799, 99802, 99805, 99810, 101316 ); script_name(english:"MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)"); script_summary(english:"Checks the version of MySQL server."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10279) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html"); # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76f5def7"); # http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e07fa0e"); # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d520c6c8"); script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2307762.1"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?322067e2"); # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3937099.xml script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e9f2a38"); script_set_attribute(attribute:"solution", value: "Upgrade to MySQL version 5.6.37 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3633"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/18"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/26"); script_set_attribute(attribute:"agent", value:"unix"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled"); script_require_ports("Host/RedHat/release", "Host/AmazonLinux/release", "Host/SuSE/release", "Host/CentOS/release"); exit(0); } include("mysql_version.inc"); fix_version = "5.6.37"; exists_version = "5.6"; mysql_check_rpms(mysql_packages:default_mysql_rpm_list_all, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3357-1.NASL description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101892 published 2017-07-21 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101892 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3357-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(101892); script_version("3.9"); script_cvs_date("Date: 2019/09/18 12:31:47"); script_cve_id("CVE-2017-3529", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"); script_xref(name:"USN", value:"3357-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3357-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected mysql-server-5.5 and / or mysql-server-5.7 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.57-0ubuntu0.14.04.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"mysql-server-5.7", pkgver:"5.7.19-0ubuntu0.16.04.1")) flag++; if (ubuntu_check(osver:"17.04", pkgname:"mysql-server-5.7", pkgver:"5.7.19-0ubuntu0.17.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5 / mysql-server-5.7"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-866.NASL description This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included : - switch systemd unit file from last seen 2020-06-05 modified 2017-07-31 plugin id 102056 published 2017-07-31 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102056 title openSUSE Security Update : mysql-community-server (openSUSE-2017-866) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-866. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(102056); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3732"); script_name(english:"openSUSE Security Update : mysql-community-server (openSUSE-2017-866)"); script_summary(english:"Check for the openSUSE-2017-866 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included : - switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort' - update file lists for new man-pages and tools (for mariadb) For a list of upstream changes in this release, see: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html" ); # http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html script_set_attribute( attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049394" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049396" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049398" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049399" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049410" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049411" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049412" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049415" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049417" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049421" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049422" ); script_set_attribute( attribute:"solution", value:"Update the affected mysql-community-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-errormessages"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client18-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmysql56client_r18-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-bench-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-client-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-debugsource-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-errormessages-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-test-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"mysql-community-server-tools-debuginfo-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-32bit-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client18-debuginfo-32bit-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmysql56client_r18-32bit-5.6.37-24.9.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmysql56client18-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmysql56client18-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmysql56client_r18-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-bench-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-bench-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-client-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-client-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-debugsource-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-errormessages-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-test-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-test-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-tools-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mysql-community-server-tools-debuginfo-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysql56client18-32bit-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysql56client18-debuginfo-32bit-5.6.37-27.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmysql56client_r18-32bit-5.6.37-27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmysql56client18-32bit / libmysql56client18 / etc"); }NASL family Databases NASL id MYSQL_5_7_19.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 101821 published 2017-07-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101821 title MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201802-04.NASL description The remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 106885 published 2018-02-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106885 title GLSA-201802-04 : MySQL: Multiple vulnerabilities NASL family Databases NASL id MYSQL_5_7_19_RPM.NASL description The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-04 modified 2017-07-26 plugin id 101979 published 2017-07-26 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101979 title MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU) NASL family Databases NASL id MYSQL_5_6_37.NASL description The version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10279) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 101820 published 2017-07-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101820 title MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU) NASL family Fedora Local Security Checks NASL id FEDORA_2017-7C039552FA.NASL description **Update to version 5.7.19** Replication tests in the testsuite enabled, they don last seen 2020-06-05 modified 2017-08-10 plugin id 102328 published 2017-08-10 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102328 title Fedora 25 : community-mysql (2017-7c039552fa) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL description Oracle reports : Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 101828 published 2017-07-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101828 title FreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf) NASL family Fedora Local Security Checks NASL id FEDORA_2017-EE93493BEA.NASL description **Update to version 5.7.19** Replication tests in the testsuite enabled, they don last seen 2020-06-05 modified 2017-08-10 plugin id 102329 published 2017-08-10 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102329 title Fedora 26 : community-mysql (2017-ee93493bea)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securitytracker.com/id/1038928
- http://www.securityfocus.com/bid/99722
- https://access.redhat.com/errata/RHSA-2017:2886
- https://access.redhat.com/errata/RHSA-2017:2787
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html