SB2017051905 - Amazon Linux AMI update for mysql55

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017051905

SB2017051905 - Amazon Linux AMI update for mysql55

Published: May 19, 2017 Updated: May 24, 2017

Security Bulletin ID SB2017051905
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 10% Low 90%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2017-3462)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

2) Security restrictions bypass (CVE-ID: CVE-2017-3463)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

3) Security restrictions bypass (CVE-ID: CVE-2017-3461)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

4) Security restrictions bypass (CVE-ID: CVE-2017-3464)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

5) CVE-2017-3265 (CVE-ID: CVE-2017-3265)

CWE-ID: -

CVSSv4:



6) Security restrictions bypass (CVE-ID: CVE-2017-3309)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

7) Security restrictions bypass (CVE-ID: CVE-2017-3308)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

8) Security restrictions bypass (CVE-ID: CVE-2017-3456)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

9) Security restrictions bypass (CVE-ID: CVE-2017-3453)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

10) Security restrictions bypass (CVE-ID: CVE-2017-3450)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

References