Debian update for mysql-5.5
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
mysql-5.5 (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper Access Control
EUVDB-ID: #VU10284
Risk: Low
CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3635
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Access Control
EUVDB-ID: #VU10285
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3636
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Access Control
EUVDB-ID: #VU10290
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3641
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Access Control
EUVDB-ID: #VU10297
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3648
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Charsets component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Access Control
EUVDB-ID: #VU10300
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3651
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client mysqldump component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Access Control
EUVDB-ID: #VU10301
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3652
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to gain access unauthorized access and modify data.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Access Control
EUVDB-ID: #VU10303
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3653
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.
MitigationUpdate the affected package to version: 5.5.57-0+deb8u1.
Vulnerable software versionsmysql-5.5 (Debian package): 5.5.13-1 - 5.5.55-0+deb8u1
CPE2.3- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.13-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-1:*:*:*:*:debian_linux:*:*
- cpe:2.3:o:debian:mysql-5_5_debian_package:5.5.17-2:*:*:*:*:debian_linux:*:*
https://www.debian.org/security/2018/dsa-3922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
