Gentoo update for MySQL

1) Denial of service

EUVDB-ID: #VU8990

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10155

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU8994

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10227

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU8995

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10268

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local high-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). A local attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU8996

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10276

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU8999

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10283

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU9001

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10286

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU9002

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10294

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU9006

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10314

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote high-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU9009

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10378

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU9010

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10379

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). A remote attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU9011

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10384

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU6686

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3308

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU6685

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3309

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU11099

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3329

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to improper input validation within the Thread Pooling subcomponent. A remote attacker can send a specially crated MySQL packet to the affected server and cause it to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU6689

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3450

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security restrictions bypass

EUVDB-ID: #VU12241

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3452

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security restrictions bypass

EUVDB-ID: #VU6688

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3453

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

EUVDB-ID: #VU6687

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3456

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security restrictions bypass

EUVDB-ID: #VU6682

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3461

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

EUVDB-ID: #VU6680

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3462

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security restrictions bypass

EUVDB-ID: #VU6681

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3463

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security restrictions bypass

EUVDB-ID: #VU6683

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3464

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU6690

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3599

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

24) Command injection

EUVDB-ID: #VU11101

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3600

CWE-ID: CWE-77 - Command injection

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary shell or SQL commands on the target system.

The weakness exists due to command injection. A remote authenticated attacker can execute arbitrary shell or SQL commands.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper Access Control

EUVDB-ID: #VU10282

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3633

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Memcached component. A remote unauthenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper Access Control

EUVDB-ID: #VU10283

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3634

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper Access Control

EUVDB-ID: #VU10284

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3635

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper Access Control

EUVDB-ID: #VU10285

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3636

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper Access Control

EUVDB-ID: #VU10287

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3637

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within X Plugin component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Access Control

EUVDB-ID: #VU10290

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3641

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper Access Control

EUVDB-ID: #VU10298

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3647

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper Access Control

EUVDB-ID: #VU10297

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3648

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Charsets component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper Access Control

EUVDB-ID: #VU10299

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3649

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper Access Control

EUVDB-ID: #VU10300

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3651

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within Client mysqldump component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper Access Control

EUVDB-ID: #VU10301

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3652

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to gain access unauthorized access and modify data.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper Access Control

EUVDB-ID: #VU10303

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3653

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Information disclosure

EUVDB-ID: #VU5442

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3732

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.

According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper Access Control

EUVDB-ID: #VU10263

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2562

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU10268

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2573

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU10264

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2583

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU10280

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2590

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU10273

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2591

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper Access Control

EUVDB-ID: #VU10265

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2612

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify or delete certain data in database.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU10267

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU10269

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2640

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Information Exposure

EUVDB-ID: #VU10281

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2645

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to gain access to sensitive information.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper Access Control

EUVDB-ID: #VU10272

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2647

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU10270

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU10271

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2668

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU10262

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2696

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote unauthenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU10266

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2703

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Update the affected packages.
dev-db/mysql to version: 5.6.39

Gentoo Linux: All versions

http://security.gentoo.org/glsa/201802-04

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.