Amazon Linux AMI update for mysql55
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-3648 CVE-2017-3641 CVE-2017-3636 CVE-2017-3635 CVE-2017-3651 CVE-2017-3653 CVE-2017-3652 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper Access Control
EUVDB-ID: #VU10297
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3648
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Charsets component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Access Control
EUVDB-ID: #VU10290
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3641
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Access Control
EUVDB-ID: #VU10285
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3636
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Access Control
EUVDB-ID: #VU10284
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3635
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Access Control
EUVDB-ID: #VU10300
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3651
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client mysqldump component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Access Control
EUVDB-ID: #VU10303
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3653
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Access Control
EUVDB-ID: #VU10301
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3652
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to gain access unauthorized access and modify data.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
mysql55-bench-5.5.57-1.18.amzn1.i686
mysql55-test-5.5.57-1.18.amzn1.i686
mysql55-embedded-devel-5.5.57-1.18.amzn1.i686
mysql55-devel-5.5.57-1.18.amzn1.i686
mysql55-server-5.5.57-1.18.amzn1.i686
mysql55-debuginfo-5.5.57-1.18.amzn1.i686
mysql55-libs-5.5.57-1.18.amzn1.i686
mysql55-embedded-5.5.57-1.18.amzn1.i686
mysql55-5.5.57-1.18.amzn1.i686
mysql-config-5.5.57-1.18.amzn1.i686
src:
mysql55-5.5.57-1.18.amzn1.src
x86_64:
mysql55-debuginfo-5.5.57-1.18.amzn1.x86_64
mysql55-libs-5.5.57-1.18.amzn1.x86_64
mysql55-test-5.5.57-1.18.amzn1.x86_64
mysql55-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-devel-5.5.57-1.18.amzn1.x86_64
mysql-config-5.5.57-1.18.amzn1.x86_64
mysql55-embedded-5.5.57-1.18.amzn1.x86_64
mysql55-bench-5.5.57-1.18.amzn1.x86_64
mysql55-server-5.5.57-1.18.amzn1.x86_64
mysql55-devel-5.5.57-1.18.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2017-887.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
