Improper Access Control in mariadb (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3636 |
| CWE-ID | CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
mariadb (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Access Control
EUVDB-ID: #VU10285
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3636
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability exists due to an unspecified error in the MySQL Server within Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.
MitigationInstall update from vendor's website.
Vulnerable software versionsmariadb (Alpine package): 10.1.22-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=1079181bed96dff7b7fa1d2dc1d5078a74bea57c
https://git.alpinelinux.org/aports/commit/?id=554b79ccc6d0e166375b91621bcbc7df1295d5e2
https://git.alpinelinux.org/aports/commit/?id=dabe70c14a6dc73f4b332972355e8aa5daee9306
https://git.alpinelinux.org/aports/commit/?id=9fa7d359185495458ec31f6eaf5cf3d7b4f793df
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
