cnvd - cnvd-2017-08240

cnvd-2017-08240

Vulnerability from cnvd

Title: Oracle MySQL Cluster拒绝服务漏洞

Description:

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。Oracle MySQL Cluster是其中的一个适用于分布式计算环境的高实用、高冗余版本。

Oracle MySQL中的MySQL Cluster组件的Cluster:DD子组件存在拒绝服务漏洞。攻击者可利用该漏洞执行未授权更新、插入或删除数据，造成拒绝服务，影响数据的完整性和可用性。

Severity: 中

Patch Name: Oracle MySQL Cluster拒绝服务漏洞的补丁

Patch Description:

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。Oracle MySQL Cluster是其中的一个适用于分布式计算环境的高实用、高冗余版本。

Oracle MySQL中的MySQL Cluster组件的Cluster:DD子组件存在拒绝服务漏洞。攻击者可利用该漏洞执行未授权更新、插入或删除数据，造成拒绝服务，影响数据的完整性和可用性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Reference: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html https://nvd.nist.gov/vuln/detail/CVE-2017-3304 http://www.securityfocus.com/bid/97815

Impacted products

Name
['Oracle MySQL Cluster <=7.2.27', 'Oracle MySQL Cluster <=7.3.16', 'Oracle MySQL Cluster <=7.4.14', 'Oracle MySQL Cluster <=7.5.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97815"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3304"
    }
  },
  "description": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002Oracle MySQL Cluster\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9002\u7528\u4e8e\u5206\u5e03\u5f0f\u8ba1\u7b97\u73af\u5883\u7684\u9ad8\u5b9e\u7528\u3001\u9ad8\u5197\u4f59\u7248\u672c\u3002\r\n\r\nOracle MySQL\u4e2d\u7684MySQL Cluster\u7ec4\u4ef6\u7684Cluster:DD\u5b50\u7ec4\u4ef6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-08240",
  "openTime": "2017-06-05",
  "patchDescription": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002Oracle MySQL Cluster\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u9002\u7528\u4e8e\u5206\u5e03\u5f0f\u8ba1\u7b97\u73af\u5883\u7684\u9ad8\u5b9e\u7528\u3001\u9ad8\u5197\u4f59\u7248\u672c\u3002\r\n\r\nOracle MySQL\u4e2d\u7684MySQL Cluster\u7ec4\u4ef6\u7684Cluster:DD\u5b50\u7ec4\u4ef6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u6570\u636e\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle MySQL Cluster\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle  MySQL Cluster  \u003c=7.2.27",
      "Oracle  MySQL Cluster \u003c=7.3.16",
      "Oracle  MySQL Cluster \u003c=7.4.14",
      "Oracle  MySQL Cluster \u003c=7.5.5"
    ]
  },
  "referenceLink": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3304\r\nhttp://www.securityfocus.com/bid/97815",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-11",
  "title": "Oracle MySQL Cluster\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-3304 (GCVE-0-2017-3304)

Vulnerability from cvelistv5

Published

2017-04-24 19:00

Modified

2024-10-07 16:22

Severity ?

CWE

Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.

Summary

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038287	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97815	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Oracle Corporation	MySQL Cluster	Version: 7.2.27 and earlier Version: 7.3.16 and earlier Version: 7.4.14 and earlier Version: 7.5.5 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:23:33.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038287",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
          },
          {
            "name": "97815",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97815"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-3304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T15:46:22.685340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T16:22:36.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.27 and earlier"
            },
            {
              "status": "affected",
              "version": "7.3.16 and earlier"
            },
            {
              "status": "affected",
              "version": "7.4.14 and earlier"
            },
            {
              "status": "affected",
              "version": "7.5.5 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "1038287",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
        },
        {
          "name": "97815",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2017-3304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Cluster",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.2.27 and earlier"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.3.16 and earlier"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.4.14 and earlier"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.5.5 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038287",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038287"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
            },
            {
              "name": "97815",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2017-3304",
    "datePublished": "2017-04-24T19:00:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-10-07T16:22:36.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted