Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-3636 |
CWE-ID | CWE-284 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
mariadb (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10285
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3636
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.
MitigationInstall update from vendor's website.
Vulnerable software versionsmariadb (Alpine package): 10.1.22-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=1079181bed96dff7b7fa1d2dc1d5078a74bea57c
http://git.alpinelinux.org/aports/commit/?id=554b79ccc6d0e166375b91621bcbc7df1295d5e2
http://git.alpinelinux.org/aports/commit/?id=dabe70c14a6dc73f4b332972355e8aa5daee9306
http://git.alpinelinux.org/aports/commit/?id=9fa7d359185495458ec31f6eaf5cf3d7b4f793df
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.