ID CVE-2017-10284
Summary Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
Vulnerable Configurations
  • Oracle MySQL 5.7.18
    cpe:2.3:a:oracle:mysql:5.7.18
CVSS
Base: 4.0
Impact:
Exploitability:
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C41BEDFDB3F911E7AC58B499BAEBFEAF.NASL
    description Oracle reports : Please reference CVE/URL list for details
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 103954
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103954
    title FreeBSD : MySQL -- multiple vulnerabilities (c41bedfd-b3f9-11e7-ac58-b499baebfeaf)
  • NASL family Databases
    NASL id MYSQL_5_7_19.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 101821
    published 2017-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101821
    title MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)
  • NASL family Databases
    NASL id MYSQL_5_7_19_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529) - An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633) - Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-10296) - An unspecified flaw exists in the Connector/C and C API components that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635) - An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637) - Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-10279) - Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649) - An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648) - An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650) - An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651) - Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653) - An unspecified flaw exists in the OpenSSL Encryption component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3731) - An unspecified flaw exists in the Stored Procedure component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-10284) - An unspecified flaw exists in the InnoDB component that allows an authenticated, remote attacker to cause a denial of service condition or to modify the contents of the MySQL database. (CVE-2017-10365) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 101979
    published 2017-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101979
    title MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)
redhat via4
advisories
rhsa
id RHSA-2017:3442
refmap via4
bid 101385
confirm
sectrack 1039597
Last major update 19-10-2017 - 13:29
Published 19-10-2017 - 13:29
Last modified 13-12-2017 - 21:29
Back to Top