Debian update for mariadb-10.0
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 |
| CWE-ID | CWE-264 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Debian Linux Operating systems & Components / Operating system |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU6686
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3308
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.
Update the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU6685
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3309
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.
Update the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU6688
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3453
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.
Update the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU6687
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3456
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.
Update the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security restrictions bypass
EUVDB-ID: #VU6683
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3464
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.
The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.
Update the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Access Control
EUVDB-ID: #VU10285
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3636
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.
MitigationUpdate the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Access Control
EUVDB-ID: #VU10290
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3641
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Access Control
EUVDB-ID: #VU10303
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3653
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.
MitigationUpdate the affected package to version: 10.0.32-0+deb8u1
Vulnerable software versionsDebian Linux: All versions
External linkshttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
