Vulnerabilities > CVE-2017-3644 - Unspecified vulnerability in Oracle Mysql

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
oracle
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
551

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3357-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101892
    published2017-07-21
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101892
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3357-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101892);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-3529", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653");
      script_xref(name:"USN", value:"3357-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in MySQL and this update
    includes new upstream MySQL versions to fix these issues.
    
    MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS
    and Ubuntu 17.04 have been updated to MySQL 5.7.19.
    
    In addition to security fixes, the updated packages contain bug fixes,
    new features, and possibly incompatible changes.
    
    Please see the following for more information:
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html
    http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
    http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html
    http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622
    .html.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3357-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected mysql-server-5.5 and / or mysql-server-5.7
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"mysql-server-5.5", pkgver:"5.5.57-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"mysql-server-5.7", pkgver:"5.7.19-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"mysql-server-5.7", pkgver:"5.7.19-0ubuntu0.17.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql-server-5.5 / mysql-server-5.7");
    }
    
  • NASL familyDatabases
    NASL idMYSQL_5_7_19.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id101821
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101821
    titleMySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_7_19_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-07-26
    plugin id101979
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101979
    titleMySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id101828
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101828
    titleFreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)

Redhat

advisories
rhsa
idRHSA-2017:2886
rpms
  • rh-mysql57-mysql-0:5.7.19-6.el6
  • rh-mysql57-mysql-0:5.7.19-6.el7
  • rh-mysql57-mysql-common-0:5.7.19-6.el6
  • rh-mysql57-mysql-common-0:5.7.19-6.el7
  • rh-mysql57-mysql-config-0:5.7.19-6.el6
  • rh-mysql57-mysql-config-0:5.7.19-6.el7
  • rh-mysql57-mysql-debuginfo-0:5.7.19-6.el6
  • rh-mysql57-mysql-debuginfo-0:5.7.19-6.el7
  • rh-mysql57-mysql-devel-0:5.7.19-6.el6
  • rh-mysql57-mysql-devel-0:5.7.19-6.el7
  • rh-mysql57-mysql-errmsg-0:5.7.19-6.el6
  • rh-mysql57-mysql-errmsg-0:5.7.19-6.el7
  • rh-mysql57-mysql-server-0:5.7.19-6.el6
  • rh-mysql57-mysql-server-0:5.7.19-6.el7
  • rh-mysql57-mysql-test-0:5.7.19-6.el6
  • rh-mysql57-mysql-test-0:5.7.19-6.el7