SB2018012204 - Multiple vulnerabilities in Oracle MySQL Server
Published: January 22, 2018 Updated: January 29, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-2696)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote unauthenticated attacker can exploit the vulnerability to perform a denial of service attack.
2) Improper Access Control (CVE-ID: CVE-2018-2562)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.
3) Improper input validation (CVE-ID: CVE-2018-2583)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
4) Improper Access Control (CVE-ID: CVE-2018-2612)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify or delete certain data in database.
5) Improper input validation (CVE-ID: CVE-2018-2703)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
6) Improper input validation (CVE-ID: CVE-2018-2622)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
7) Improper input validation (CVE-ID: CVE-2018-2573)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
8) Improper input validation (CVE-ID: CVE-2018-2640)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
9) Improper input validation (CVE-ID: CVE-2018-2665)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
10) Improper input validation (CVE-ID: CVE-2018-2668)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.
11) Improper Access Control (CVE-ID: CVE-2018-2647)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.
12) Improper input validation (CVE-ID: CVE-2018-2591)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
13) Improper input validation (CVE-ID: CVE-2018-2576)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
14) Improper input validation (CVE-ID: CVE-2018-2586)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
15) Improper input validation (CVE-ID: CVE-2018-2646)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
16) Improper input validation (CVE-ID: CVE-2018-2565)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
17) Improper input validation (CVE-ID: CVE-2018-2600)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
18) Improper input validation (CVE-ID: CVE-2018-2667)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
19) Improper input validation (CVE-ID: CVE-2018-2590)
The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.
20) Information Exposure (CVE-ID: CVE-2018-2645)
The vulnerability allows a remote attacker to obtain potentially sensitive information.The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to gain access to sensitive information.
21) Improper input validation (CVE-ID: CVE-2017-3737)
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.The weakness exists due to an "error state mechanism" when SSL_read() or SSL_write() is called directly after SSL object. A remote attacker can a specially crafted input, trigger a fatal error during a handshake and return it in the initial function call to access or modify sensitive information.
22) Buffer overflow (CVE-ID: CVE-2017-3738)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to buffer overflow in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. A remote attacker can cause the server to share the DH1024 private key among multiple clients and perform attack on TLS.
Remediation
Install update from vendor's website.