Improper Access Control in mariadb (Alpine package)



Published: 2017-08-19
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-3636
CWE-ID CWE-284
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		mariadb (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper Access Control

EUVDB-ID: #VU10285

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3636

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.

Mitigation

Install update from vendor's website.

Vulnerable software versions

mariadb (Alpine package): 10.1.22-r0

External links

http://git.alpinelinux.org/aports/commit/?id=1079181bed96dff7b7fa1d2dc1d5078a74bea57c
http://git.alpinelinux.org/aports/commit/?id=554b79ccc6d0e166375b91621bcbc7df1295d5e2
http://git.alpinelinux.org/aports/commit/?id=dabe70c14a6dc73f4b332972355e8aa5daee9306
http://git.alpinelinux.org/aports/commit/?id=9fa7d359185495458ec31f6eaf5cf3d7b4f793df


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###