ID CVE-2018-2696
Summary Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.21:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.22:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.27:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.28:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.28:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.29:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.29:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.31:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.31:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.32:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.32:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.33:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.34:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.34:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.35:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.37:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.37:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.6.38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.6.38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:-:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:community:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:community:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.19:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql:5.7.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql:5.7.20:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 28-03-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2018:0586
  • rhsa
    id RHSA-2018:0587
rpms
  • rh-mysql57-mysql-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-common-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-common-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-config-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-config-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-debuginfo-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-debuginfo-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-devel-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-devel-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-errmsg-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-errmsg-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-server-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-server-0:5.7.21-2.el7.1
  • rh-mysql57-mysql-test-0:5.7.21-2.el6.1
  • rh-mysql57-mysql-test-0:5.7.21-2.el7.1
  • rh-mysql56-mysql-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-bench-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-bench-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-common-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-common-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-config-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-config-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-debuginfo-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-debuginfo-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-devel-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-devel-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-errmsg-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-errmsg-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-server-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-server-0:5.6.39-1.el7.1
  • rh-mysql56-mysql-test-0:5.6.39-1.el6.1
  • rh-mysql56-mysql-test-0:5.6.39-1.el7.1
refmap via4
bid 102701
confirm
sectrack 1040216
ubuntu USN-3537-1
Last major update 28-03-2018 - 01:29
Published 18-01-2018 - 02:29
Last modified 28-03-2018 - 01:29
Back to Top