Ubuntu update for MySQL



Risk: Low
Patch available: YES
Number of vulnerabilities: 24
CVE-ID: CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3331, CVE-2017-3450, CVE-2017-3453, CVE-2017-3454, CVE-2017-3455, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458, CVE-2017-3459, CVE-2017-3460, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3465, CVE-2017-3467, CVE-2017-3468, CVE-2017-3599, CVE-2017-3600
CWE-ID: CWE-416, CWE-300, CWE-264, CWE-20, CWE-200, CWE-77
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #23 is available.
Vulnerable software: Ubuntu (Operating systems & Components / Operating system)
Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU6895

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a use-after-free error in libmysqlclient.so. A remote attacker can cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU11098

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3305

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists because the check of whether the server supports SSL is performed only after authentication. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU6686

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3308

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU6685

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3309

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU11099

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-3329

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation within the Thread Pooling subcomponent. A remote attacker can send a specially crafted MySQL packet to the affected server and cause it to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU12240

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3331

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU6689

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3450

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security restrictions bypass

EUVDB-ID: #VU6688

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3453

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU12242

Risk: Low

CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3454

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Security restrictions bypass

EUVDB-ID: #VU12244

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3455

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and gain unauthorized read access to a subset of MySQL Server accessible data.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Security restrictions bypass

EUVDB-ID: #VU6687

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3456

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU12247

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3457

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU12246

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3458

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Security restrictions bypass

EUVDB-ID: #VU12248

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3459

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU12245

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3460

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security restrictions bypass

EUVDB-ID: #VU6682

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3461

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security restrictions bypass

EUVDB-ID: #VU6680

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3462

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

EUVDB-ID: #VU6681

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3463

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security restrictions bypass

EUVDB-ID: #VU6683

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3464

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

EUVDB-ID: #VU12249

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3465

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Information disclosure

EUVDB-ID: #VU12250

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3467

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can gain unauthorized read access to a subset of MySQL Server accessible data.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security restrictions bypass

EUVDB-ID: #VU12254

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3468

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU6690

Risk: Low

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-3599

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

24) Command injection

EUVDB-ID: #VU11101

Risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3600

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell or SQL commands on the target system.

The weakness exists due to command injection. A remote authenticated attacker can execute arbitrary shell or SQL commands.

Mitigation

Update the affected packages

Ubuntu 17.04:
mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10:
mysql-server-5.7 5.7.18-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.18-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.55-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

External links

https://www.ubuntu.com/usn/usn-3269-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


