Amazon Linux AMI update for mysql57



Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2019-2740, CVE-2019-2805, CVE-2019-3822
CWE-ID: CWE-284, CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU33431

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-2740

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Update the affected packages:

i686:
    mysql57-server-5.7.27-1.13.amzn1.i686
    mysql57-embedded-5.7.27-1.13.amzn1.i686
    mysql57-common-5.7.27-1.13.amzn1.i686
    mysql57-5.7.27-1.13.amzn1.i686
    mysql57-libs-5.7.27-1.13.amzn1.i686
    mysql57-debuginfo-5.7.27-1.13.amzn1.i686
    mysql57-errmsg-5.7.27-1.13.amzn1.i686
    mysql57-embedded-devel-5.7.27-1.13.amzn1.i686
    mysql57-test-5.7.27-1.13.amzn1.i686
    mysql57-devel-5.7.27-1.13.amzn1.i686

src:
    mysql57-5.7.27-1.13.amzn1.src

x86_64:
    mysql57-embedded-5.7.27-1.13.amzn1.x86_64
    mysql57-common-5.7.27-1.13.amzn1.x86_64
    mysql57-debuginfo-5.7.27-1.13.amzn1.x86_64
    mysql57-server-5.7.27-1.13.amzn1.x86_64
    mysql57-libs-5.7.27-1.13.amzn1.x86_64
    mysql57-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-errmsg-5.7.27-1.13.amzn1.x86_64
    mysql57-embedded-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-5.7.27-1.13.amzn1.x86_64
    mysql57-test-5.7.27-1.13.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2019-1297.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU33433

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-2805

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Mitigation

Update the affected packages:

i686:
    mysql57-server-5.7.27-1.13.amzn1.i686
    mysql57-embedded-5.7.27-1.13.amzn1.i686
    mysql57-common-5.7.27-1.13.amzn1.i686
    mysql57-5.7.27-1.13.amzn1.i686
    mysql57-libs-5.7.27-1.13.amzn1.i686
    mysql57-debuginfo-5.7.27-1.13.amzn1.i686
    mysql57-errmsg-5.7.27-1.13.amzn1.i686
    mysql57-embedded-devel-5.7.27-1.13.amzn1.i686
    mysql57-test-5.7.27-1.13.amzn1.i686
    mysql57-devel-5.7.27-1.13.amzn1.i686

src:
    mysql57-5.7.27-1.13.amzn1.src

x86_64:
    mysql57-embedded-5.7.27-1.13.amzn1.x86_64
    mysql57-common-5.7.27-1.13.amzn1.x86_64
    mysql57-debuginfo-5.7.27-1.13.amzn1.x86_64
    mysql57-server-5.7.27-1.13.amzn1.x86_64
    mysql57-libs-5.7.27-1.13.amzn1.x86_64
    mysql57-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-errmsg-5.7.27-1.13.amzn1.x86_64
    mysql57-embedded-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-5.7.27-1.13.amzn1.x86_64
    mysql57-test-5.7.27-1.13.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2019-1297.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU17456

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-3822

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.

The vulnerability exists because the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function, which creates an outgoing NTLM type-3 header, generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can supply very large 'nt response' output data, extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, to trigger a stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages:

i686:
    mysql57-server-5.7.27-1.13.amzn1.i686
    mysql57-embedded-5.7.27-1.13.amzn1.i686
    mysql57-common-5.7.27-1.13.amzn1.i686
    mysql57-5.7.27-1.13.amzn1.i686
    mysql57-libs-5.7.27-1.13.amzn1.i686
    mysql57-debuginfo-5.7.27-1.13.amzn1.i686
    mysql57-errmsg-5.7.27-1.13.amzn1.i686
    mysql57-embedded-devel-5.7.27-1.13.amzn1.i686
    mysql57-test-5.7.27-1.13.amzn1.i686
    mysql57-devel-5.7.27-1.13.amzn1.i686

src:
    mysql57-5.7.27-1.13.amzn1.src

x86_64:
    mysql57-embedded-5.7.27-1.13.amzn1.x86_64
    mysql57-common-5.7.27-1.13.amzn1.x86_64
    mysql57-debuginfo-5.7.27-1.13.amzn1.x86_64
    mysql57-server-5.7.27-1.13.amzn1.x86_64
    mysql57-libs-5.7.27-1.13.amzn1.x86_64
    mysql57-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-errmsg-5.7.27-1.13.amzn1.x86_64
    mysql57-embedded-devel-5.7.27-1.13.amzn1.x86_64
    mysql57-5.7.27-1.13.amzn1.x86_64
    mysql57-test-5.7.27-1.13.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2019-1297.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


