ID CVE-2018-2767
Summary Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
References
Vulnerable Configurations
  • Oracle MySQL 5.5.60
    cpe:2.3:a:oracle:mysql:5.5.60
  • Oracle MySQL 5.6.40
    cpe:2.3:a:oracle:mysql:5.6.40
  • Oracle MySQL 5.7.22
    cpe:2.3:a:oracle:mysql:5.7.22
CVSS
Base: 3.5
Impact:
Exploitability:
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4341.NASL
    description Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37. Please see the MariaDB 10.1 Release Notes for further details : - https://mariadb.com/kb/en/mariadb/mariadb-10127-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10128-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10129-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10130-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10131-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10132-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10133-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10134-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10135-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10136-release- notes/ - https://mariadb.com/kb/en/mariadb/mariadb-10137-release- notes/
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119040
    published 2018-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119040
    title Debian DSA-4341-1 : mariadb-10.1 - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-844.NASL
    description This update for mysql-community-server to version 5.6.41 fixes the following issues : Security vulnerabilities fixed : - CVE-2018-3064: Fixed an easily exploitable vulnerability that allowed a low privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1103342) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed a low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-0739: Fixed a stack exhaustion in case of recursively constructed ASN.1 types. (boo#1087102) - CVE-2018-3062: Fixed a difficult to exploit vulnerability that allowed low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1103344) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3066: Fixed a difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-2767: Fixed a difficult to exploit vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (boo#1088681) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-41.html )
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 111625
    published 2018-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111625
    title openSUSE Security Update : mysql-community-server (openSUSE-2018-844)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2439.NASL
    description An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 111802
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111802
    title RHEL 7 : mariadb (RHSA-2018:2439)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1337.NASL
    description According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118425
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118425
    title EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1303.NASL
    description According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117746
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117746
    title EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2439.NASL
    description From Red Hat Security Advisory 2018:2439 : An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 111800
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111800
    title Oracle Linux 7 : mariadb (ELSA-2018-2439)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1346.NASL
    description According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118434
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118434
    title EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3725-1.NASL
    description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247 .html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111510
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111510
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : mysql-5.5, mysql-5.7 vulnerabilities (USN-3725-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2439.NASL
    description An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085) Security Fix(es) : * mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) * mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) * mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) * mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) * mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) * mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) * mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) * mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) * mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) * mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
    last seen 2019-02-21
    modified 2019-01-16
    plugin id 112020
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112020
    title CentOS 7 : mariadb (CESA-2018:2439)
  • NASL family Databases
    NASL id MYSQL_5_5_61.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.61. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111153
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111153
    title MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (July 2018 CPU)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL
    description Oracle reports : Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111596
    published 2018-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111596
    title FreeBSD : MySQL -- multiple vulnerabilities (909be51b-9b3b-11e8-add2-b499baebfeaf)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1069.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3062) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected 5.6.40 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3064) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 112096
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112096
    title Amazon Linux AMI : mysql56 (ALAS-2018-1069)
  • NASL family Databases
    NASL id MYSQL_5_7_23_RPM.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.23. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111158
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111158
    title MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1382-1.NASL
    description MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : - PCRE updated to 8.42 - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE - MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record - fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 - Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110089
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110089
    title SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1382-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-572.NASL
    description This update for mariadb to version 10.2.15 fixes the following issues : These security issues were fixed : - CVE-2018-2767: Enforse use of SSL/TLS in embedded server library (Return of BACKRONYM) (bsc#1088681). - CVE-2018-2786: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987). - CVE-2018-2759: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2777: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2810: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987). - CVE-2018-2782: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2784: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2787: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1089987, bsc#1090518). - CVE-2018-2766: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2755: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Difficult to exploit vulnerability allowed unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2819: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2817: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2761: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2781: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2771: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1089987, bsc#1090518). - CVE-2018-2813: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data (bsc#1089987, bsc#1090518). These non-security issues were fixed : - PCRE updated to 8.42 - Incomplete validation of missing tablespace during recovery - ib_buffer_pool unnecessarily includes the temporary tablespace - InnoDB may write uninitialized garbage to redo log - Virtual Columns: Assertion failed in dict_table_get_col_name - slow innodb startup/shutdown can exceed systemd timeout - Assertion failed in dict_check_sys_tables on upgrade from 5.5 - Change buffer crash during TRUNCATE or DROP TABLE - temporary table ROLLBACK fixes For additional details please see - https://mariadb.com/kb/en/library/mariadb-10215-release-notes - https://mariadb.com/kb/en/library/mariadb-10215-changelog
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 110408
    published 2018-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110408
    title openSUSE Security Update : mariadb (openSUSE-2018-572)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1302.NASL
    description According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117745
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117745
    title EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2018-1302)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1078.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 ) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)
    last seen 2019-02-21
    modified 2018-09-19
    plugin id 117592
    published 2018-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117592
    title Amazon Linux 2 : mariadb (ALAS-2018-1078)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-F67FDA3DB6.NASL
    description **MySQL 5.7.23** Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120915
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120915
    title Fedora 28 : community-mysql (2018-f67fda3db6)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1566.NASL
    description Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.62, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details : https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-61.html https://www.oracle.com/technetwork/security-advisory/cpujul2018-425824 7.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-62.html https://www.oracle.com/technetwork/security-advisory/cpuoct2018-442829 6.html For Debian 8 'Jessie', these problems have been fixed in version 5.5.62-0+deb8u1. We recommend that you upgrade your mysql-5.5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-06
    plugin id 118734
    published 2018-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118734
    title Debian DLA-1566-1 : mysql-5.5 security update
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1068.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3063)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 112095
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112095
    title Amazon Linux AMI : mysql55 (ALAS-2018-1068)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1781-2.NASL
    description MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : PCRE updated to 8.42 XtraDB updated to 5.6.39-83.1 TokuDB updated to 5.6.39-83.1 InnoDB updated to 5.6.40 The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118270
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118270
    title SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:1781-2)
  • NASL family Databases
    NASL id MYSQL_5_7_23.NASL
    description The version of MySQL running on the remote host is 5.7.x prior to 5.7.23 It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111157
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111157
    title MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (July 2018 CPU)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-3A3C660BFA.NASL
    description **MySQL 5.7.23** Release notes https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-23.html CVEs fixed CVE-2018-2767 CVE-2018-3056 CVE-2018-3058 CVE-2018-3060 CVE-2018-3061 CVE-2018-3062 CVE-2018-3064 CVE-2018-3065 CVE-2018-3066 CVE-2018-3070 CVE-2018-3071 CVE-2018-3077 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-12
    plugin id 117438
    published 2018-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117438
    title Fedora 27 : community-mysql (2018-3a3c660bfa)
  • NASL family Databases
    NASL id MYSQL_5_5_61_RPM.NASL
    description The version of MySQL running on the remote host is 5.5.x prior to 5.5.61. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111154
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111154
    title MySQL 5.5.x < 5.5.61 Multiple Vulnerabilities (RPM Check) (July 2018 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-668.NASL
    description This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed : - CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) - CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) - CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) - CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) - CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) - CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) - CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) - CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) - CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) - CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681) The following changes are included : - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - Fix for Crash in MVCC read after IMPORT TABLESPACE - Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state - Fix for DROP TABLE hang on InnoDB table with FULLTEXT index - Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110679
    published 2018-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110679
    title openSUSE Security Update : mariadb (openSUSE-2018-668)
  • NASL family Databases
    NASL id MYSQL_5_6_41_RPM.NASL
    description The version of MySQL running on the remote host is 5.6.x prior to 5.6.41. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 111156
    published 2018-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111156
    title MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (RPM Check) (April 2018 CPU)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180816_MARIADB_ON_SL7_X.NASL
    description The following packages have been upgraded to a later upstream version: mariadb (5.5.60). Security Fix(es) : - mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636) - mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641) - mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651) - mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268) - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378) - mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379) - mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384) - mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) - mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755) - mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761) - mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771) - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813) - mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817) - mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819) - mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653) - mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767) Bug Fix(es) : - Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 111806
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111806
    title Scientific Linux Security Update : mariadb on SL7.x x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1070.NASL
    description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3077) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3064) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3062) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2018-3058) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-3056) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3065) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3071) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3061) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).(CVE-2018-3060) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3054) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-3070) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).(CVE-2018-3066)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 112097
    published 2018-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112097
    title Amazon Linux AMI : mysql57 (ALAS-2018-1070)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-77E610115A.NASL
    description **MariaDB 10.2.17 ** Release notes : https://mariadb.com/kb/en/library/mariadb-10217-release-notes/ CVEs fixed : CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120543
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120543
    title Fedora 28 : 3:mariadb (2018-77e610115a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D1C4A4CA50.NASL
    description **MariaDB 10.2.17 ** Release notes : https://mariadb.com/kb/en/library/mariadb-10217-release-notes/ CVEs fixed : CVE-2018-3060 CVE-2018-3064 CVE-2018-3063 CVE-2018-3058 CVE-2018-3066 CVE-2018-3081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 112235
    published 2018-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112235
    title Fedora 27 : 3:mariadb (2018-d1c4a4ca50)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1781-1.NASL
    description MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes : - PCRE updated to 8.42 - XtraDB updated to 5.6.39-83.1 - TokuDB updated to 5.6.39-83.1 - InnoDB updated to 5.6.40 - The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] - MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE - MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state - MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index - MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record - fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 - Release notes and changelog : - https://kb.askmonty.org/en/mariadb-10035-release-notes - https://kb.askmonty.org/en/mariadb-10035-changelog Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110682
    published 2018-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110682
    title SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:1781-1)
redhat via4
advisories
  • rhsa
    id RHSA-2018:2439
  • rhsa
    id RHSA-2018:2729
rpms
  • mariadb-1:5.5.60-1.el7_5
  • mariadb-bench-1:5.5.60-1.el7_5
  • mariadb-devel-1:5.5.60-1.el7_5
  • mariadb-embedded-1:5.5.60-1.el7_5
  • mariadb-embedded-devel-1:5.5.60-1.el7_5
  • mariadb-libs-1:5.5.60-1.el7_5
  • mariadb-server-1:5.5.60-1.el7_5
  • mariadb-test-1:5.5.60-1.el7_5
refmap via4
bid 103954
confirm
debian DSA-4341
mlist [debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update
sectrack 1041294
ubuntu
  • USN-3725-1
  • USN-3725-2
Last major update 18-07-2018 - 09:29
Published 18-07-2018 - 09:29
Last modified 02-10-2019 - 20:03
Back to Top