#VU9011 Denial of service


Published: 2017-10-31

Vulnerability identifier: #VU9011

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10384

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:

Vendor:

Description
The vulnerability allows a remote low-privileged attacker to cause DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

: 5.5.48 - 5.5.57, 5.6.10 - 5.6.34, 5.7.11 - 5.7.16

:

:

External links
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for mariadb
Gentoo update for MySQL
Amazon Linux AMI update for mysql56, mysql57
Amazon Linux AMI update for mysql55
SUSE Linux update for mysql
Ubuntu update for MySQL
OpenSUSE Linux update for mysql-community-server
Ubuntu update for MySQL
Debian update for mysql-5.5
Multiple vulnerabilities in Oracle MySQL