#VU9010 Information disclosure


Published: 2017-10-31

Vulnerability identifier: #VU9010

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10379

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:

Vendor:

Description
The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). A remote attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation
Install update from vendor's website.

Vulnerable software versions

: 5.5.48 - 5.5.57, 5.6.10 - 5.6.34, 5.7.11 - 5.7.16

:

:

External links
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for mariadb
Gentoo update for MySQL
Amazon Linux AMI update for mysql56, mysql57
Amazon Linux AMI update for mysql55
SUSE Linux update for mysql
Ubuntu update for MySQL
OpenSUSE Linux update for mysql-community-server
Ubuntu update for MySQL
Debian update for mysql-5.5
Multiple vulnerabilities in Oracle MySQL