Ubuntu update for MySQL



| Updated: 2018-01-29
Risk Medium
Patch available YES
Number of vulnerabilities 21
CVE-ID CVE-2017-3529
CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3636
CVE-2017-3637
CVE-2017-3638
CVE-2017-3639
CVE-2017-3640
CVE-2017-3641
CVE-2017-3642
CVE-2017-3643
CVE-2017-3644
CVE-2017-3645
CVE-2017-3647
CVE-2017-3648
CVE-2017-3649
CVE-2017-3650
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653
CWE-ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 21 vulnerabilities.

1) Improper Access Control

EUVDB-ID: #VU10286

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3529

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within UDF component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Access Control

EUVDB-ID: #VU10282

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-3633

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Memcached component. A remote unauthenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Access Control

EUVDB-ID: #VU10283

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3634

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Access Control

EUVDB-ID: #VU10284

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3635

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Access Control

EUVDB-ID: #VU10285

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3636

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Access Control

EUVDB-ID: #VU10287

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3637

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within X Plugin component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Access Control

EUVDB-ID: #VU10293

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3638

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Access Control

EUVDB-ID: #VU10288

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3639

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Access Control

EUVDB-ID: #VU10289

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3640

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Access Control

EUVDB-ID: #VU10290

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3641

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Access Control

EUVDB-ID: #VU10294

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3642

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Access Control

EUVDB-ID: #VU10291

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3643

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper Access Control

EUVDB-ID: #VU10292

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3644

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper Access Control

EUVDB-ID: #VU10295

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3645

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper Access Control

EUVDB-ID: #VU10298

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3647

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Access Control

EUVDB-ID: #VU10297

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3648

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Charsets component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Access Control

EUVDB-ID: #VU10299

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3649

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper Access Control

EUVDB-ID: #VU10302

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3650

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within C API component. A remote unauthenticated attacker can exploit the vulnerability to gain access to potentially sensitive information.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Access Control

EUVDB-ID: #VU10300

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3651

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within Client mysqldump component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper Access Control

EUVDB-ID: #VU10301

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3652

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to gain access unauthorized access and modify data.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper Access Control

EUVDB-ID: #VU10303

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3653

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Mitigation

Update the affected packages.

Ubuntu 17.04:
mysql-server-5.7 5.7.19-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.19-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
mysql-server-5.5 5.5.57-0ubuntu0.14.04.1

Vulnerable software versions

Ubuntu: 14.04 - 17.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-3357-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###