Vulnerabilities > CVE-2017-3648

047910
CVSS 4.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
high complexity
oracle
debian
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
118
OS
Debian
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3922.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-06-01
    modified2020-06-02
    plugin id102046
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102046
    titleDebian DSA-3922-1 : mysql-5.5 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3922. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102046);
      script_version("3.6");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3641", "CVE-2017-3648", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653");
      script_xref(name:"DSA", value:"3922");
    
      script_name(english:"Debian DSA-3922-1 : mysql-5.5 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several issues have been discovered in the MySQL database server. The
    vulnerabilities are addressed by upgrading MySQL to the new upstream
    version 5.5.57, which includes additional changes, such as performance
    improvements, bug fixes, new features, and possibly incompatible
    changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical
    Patch Update advisory for further details :
    
      -
        https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5
        -56.html
      -
        https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5
        -57.html
    
      -
        http://www.oracle.com/technetwork/security-advisory/cpuj
        ul2017-3236622.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html"
      );
      # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?88deb2ba"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/mysql-5.5"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-3922"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mysql-5.5 packages.
    
    For the oldstable distribution (jessie), these problems have been
    fixed in version 5.5.57-0+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libmysqlclient-dev", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqlclient18", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqld-dev", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libmysqld-pic", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-client", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-client-5.5", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-common", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server-5.5", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-server-core-5.5", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-source-5.5", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-testsuite", reference:"5.5.57-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"mysql-testsuite-5.5", reference:"5.5.57-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1043.NASL
    descriptionSeveral issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.57, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle
    last seen2020-03-17
    modified2017-07-31
    plugin id102041
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102041
    titleDebian DLA-1043-1 : mysql-5.5 security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-888.NASL
    descriptionServer: Charsets unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3648) Server: Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3649) Client mysqldump unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3653) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3641) Replication unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3647) Server: Memcached unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3633) C API unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. (CVE-2017-3635) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3634) Server: DDL unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (CVE-2017-3652)
    last seen2020-06-01
    modified2020-06-02
    plugin id102876
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102876
    titleAmazon Linux AMI : mysql56 (ALAS-2017-888)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-887.NASL
    descriptionServer: Charsets unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3648) Server: DML unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3641) Client programs unspecified vulnerability (CPU Jul 2017) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2017-3636) C API unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html.(CVE- 2017-3635) Client mysqldump unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651) Server: DDL unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3653) Server: DDL unspecified vulnerability (CPU Jul 2017) : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (CVE-2017-3652)
    last seen2020-06-01
    modified2020-06-02
    plugin id102875
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102875
    titleAmazon Linux AMI : mysql55 (ALAS-2017-887)
  • NASL familyDatabases
    NASL idMYSQL_5_6_37_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10279) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-07-26
    plugin id101978
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101978
    titleMySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3357-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101892
    published2017-07-21
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101892
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-866.NASL
    descriptionThis update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included : - switch systemd unit file from
    last seen2020-06-05
    modified2017-07-31
    plugin id102056
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102056
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2017-866)
  • NASL familyDatabases
    NASL idMYSQL_5_7_19.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id101821
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101821
    titleMySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201802-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201802-04 (MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code without authentication or cause a partial denial of service condition. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id106885
    published2018-02-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106885
    titleGLSA-201802-04 : MySQL: Multiple vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_5_57.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.57. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3641) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-04-30
    modified2017-07-19
    plugin id101819
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101819
    titleMySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_5_57_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.5.x prior to 5.5.57. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - An unspecified flaw exists in the DML component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3641) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-07-26
    plugin id101977
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101977
    titleMySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_7_19_RPM.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-04
    modified2017-07-26
    plugin id101979
    published2017-07-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101979
    titleMySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)
  • NASL familyDatabases
    NASL idMYSQL_5_6_37.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.37. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3641) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the Client programs component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3636) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Optimizer component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10279) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id101820
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101820
    titleMySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7C039552FA.NASL
    description**Update to version 5.7.19** Replication tests in the testsuite enabled, they don
    last seen2020-06-05
    modified2017-08-10
    plugin id102328
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102328
    titleFedora 25 : community-mysql (2017-7c039552fa)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details
    last seen2020-06-01
    modified2020-06-02
    plugin id101828
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101828
    titleFreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-EE93493BEA.NASL
    description**Update to version 5.7.19** Replication tests in the testsuite enabled, they don
    last seen2020-06-05
    modified2017-08-10
    plugin id102329
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102329
    titleFedora 26 : community-mysql (2017-ee93493bea)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2290-1.NASL
    descriptionThis update for mysql fixes the following issues : - CVE-2017-3635: C API unspecified vulnerability (bsc#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (bsc#1049399) - CVE-2017-3641: DML unspecified vulnerability (bsc#1049404) - CVE-2017-3648: Charsets unspecified vulnerability (bsc#1049411) - CVE-2017-3651: Client mysqldump unspecified vulnerability (bsc#1049415) - CVE-2017-3652: DDL unspecified vulnerability (bsc#1049416) - CVE-2017-3653: DDL unspecified vulnerability (bsc#1049417) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102839
    published2017-08-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102839
    titleSUSE SLES11 Security Update : mysql (SUSE-SU-2017:2290-1)

Redhat

advisories
  • rhsa
    idRHSA-2017:2787
  • rhsa
    idRHSA-2017:2886
rpms
  • rh-mysql56-mysql-0:5.6.37-5.el6
  • rh-mysql56-mysql-0:5.6.37-5.el7
  • rh-mysql56-mysql-bench-0:5.6.37-5.el6
  • rh-mysql56-mysql-bench-0:5.6.37-5.el7
  • rh-mysql56-mysql-common-0:5.6.37-5.el6
  • rh-mysql56-mysql-common-0:5.6.37-5.el7
  • rh-mysql56-mysql-config-0:5.6.37-5.el6
  • rh-mysql56-mysql-config-0:5.6.37-5.el7
  • rh-mysql56-mysql-debuginfo-0:5.6.37-5.el6
  • rh-mysql56-mysql-debuginfo-0:5.6.37-5.el7
  • rh-mysql56-mysql-devel-0:5.6.37-5.el6
  • rh-mysql56-mysql-devel-0:5.6.37-5.el7
  • rh-mysql56-mysql-errmsg-0:5.6.37-5.el6
  • rh-mysql56-mysql-errmsg-0:5.6.37-5.el7
  • rh-mysql56-mysql-server-0:5.6.37-5.el6
  • rh-mysql56-mysql-server-0:5.6.37-5.el7
  • rh-mysql56-mysql-test-0:5.6.37-5.el6
  • rh-mysql56-mysql-test-0:5.6.37-5.el7
  • rh-mysql57-mysql-0:5.7.19-6.el6
  • rh-mysql57-mysql-0:5.7.19-6.el7
  • rh-mysql57-mysql-common-0:5.7.19-6.el6
  • rh-mysql57-mysql-common-0:5.7.19-6.el7
  • rh-mysql57-mysql-config-0:5.7.19-6.el6
  • rh-mysql57-mysql-config-0:5.7.19-6.el7
  • rh-mysql57-mysql-debuginfo-0:5.7.19-6.el6
  • rh-mysql57-mysql-debuginfo-0:5.7.19-6.el7
  • rh-mysql57-mysql-devel-0:5.7.19-6.el6
  • rh-mysql57-mysql-devel-0:5.7.19-6.el7
  • rh-mysql57-mysql-errmsg-0:5.7.19-6.el6
  • rh-mysql57-mysql-errmsg-0:5.7.19-6.el7
  • rh-mysql57-mysql-server-0:5.7.19-6.el6
  • rh-mysql57-mysql-server-0:5.7.19-6.el7
  • rh-mysql57-mysql-test-0:5.7.19-6.el6
  • rh-mysql57-mysql-test-0:5.7.19-6.el7