Gentoo update for MySQL



Risk: Medium
Patch available: YES
Number of vulnerabilities: 51
CVE-ID: CVE-2017-10155
CVE-2017-10227
CVE-2017-10268
CVE-2017-10276
CVE-2017-10283
CVE-2017-10286
CVE-2017-10294
CVE-2017-10314
CVE-2017-10378
CVE-2017-10379
CVE-2017-10384
CVE-2017-3308
CVE-2017-3309
CVE-2017-3329
CVE-2017-3450
CVE-2017-3452
CVE-2017-3453
CVE-2017-3456
CVE-2017-3461
CVE-2017-3462
CVE-2017-3463
CVE-2017-3464
CVE-2017-3599
CVE-2017-3600
CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3636
CVE-2017-3637
CVE-2017-3641
CVE-2017-3647
CVE-2017-3648
CVE-2017-3649
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653
CVE-2017-3732
CVE-2018-2562
CVE-2018-2573
CVE-2018-2583
CVE-2018-2590
CVE-2018-2591
CVE-2018-2612
CVE-2018-2622
CVE-2018-2640
CVE-2018-2645
CVE-2018-2647
CVE-2018-2665
CVE-2018-2668
CVE-2018-2696
CVE-2018-2703
CWE-ID: CWE-284
CWE-200
CWE-264
CWE-20
CWE-77
CWE-310
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #23 is available.
Vulnerable software
Gentoo Linux
Operating systems & Components / Operating system

Vendor: Gentoo

Security Bulletin

This security bulletin contains information about 51 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU8990

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10155

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU8994

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10227

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote high-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU8995

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10268

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local high-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). A local attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU8996

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10276

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU8999

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10283

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU9001

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10286

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote high-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU9002

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10294

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU9006

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10314

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote high-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU9009

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10378

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU9010

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10379

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). A remote attacker can gain unauthorized access to critical data or complete access to all MySQL Server accessible data.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU9011

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10384

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote low-privileged attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). A remote attacker can use multiple protocols to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU6686

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3308

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security restrictions bypass

EUVDB-ID: #VU6685

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3309

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU11099

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3329

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation within the Thread Pooling subcomponent. A remote attacker can send a specially crafted MySQL packet to the affected server and cause it to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU6689

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3450

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security restrictions bypass

EUVDB-ID: #VU12241

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3452

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security restrictions bypass

EUVDB-ID: #VU6688

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3453

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

EUVDB-ID: #VU6687

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3456

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security restrictions bypass

EUVDB-ID: #VU6682

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3461

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Security restrictions bypass

EUVDB-ID: #VU6680

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3462

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security restrictions bypass

EUVDB-ID: #VU6681

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3463

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security restrictions bypass

EUVDB-ID: #VU6683

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3464

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU6690

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3599

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in MySQL Server due to improper security restrictions. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

24) Command injection

EUVDB-ID: #VU11101

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3600

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell or SQL commands on the target system.

The weakness exists due to command injection. A remote authenticated attacker can execute arbitrary shell or SQL commands.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper Access Control

EUVDB-ID: #VU10282

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3633

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the Memcached component. A remote unauthenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper Access Control

EUVDB-ID: #VU10283

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3634

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper Access Control

EUVDB-ID: #VU10284

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3635

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper Access Control

EUVDB-ID: #VU10285

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3636

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper Access Control

EUVDB-ID: #VU10287

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3637

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the X Plugin component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Access Control

EUVDB-ID: #VU10290

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3641

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper Access Control

EUVDB-ID: #VU10298

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3647

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the Replication component of MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper Access Control

EUVDB-ID: #VU10297

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3648

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the Charsets component of MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper Access Control

EUVDB-ID: #VU10299

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3649

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the Replication component of MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper Access Control

EUVDB-ID: #VU10300

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3651

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the Client mysqldump component of MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper Access Control

EUVDB-ID: #VU10301

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3652

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the DDL component of MySQL Server. A remote authenticated attacker can exploit the vulnerability to gain unauthorized access and modify data.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper Access Control

EUVDB-ID: #VU10303

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3653

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the DDL component of MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Information disclosure

EUVDB-ID: #VU5442

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3732

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to an unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.

According to the vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

Exploitation against RSA and DSA as a result of this defect would be very difficult to perform and is not believed likely.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper Access Control

EUVDB-ID: #VU10263

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2562

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU10268

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2573

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU10264

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2583

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU10280

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2590

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU10273

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2591

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper Access Control

EUVDB-ID: #VU10265

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2612

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify or delete certain data in the database.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU10267

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU10269

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2640

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Information Exposure

EUVDB-ID: #VU10281

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2645

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper Access Control

EUVDB-ID: #VU10272

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2647

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote privileged user can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU10270

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU10271

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2668

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU10262

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2696

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote unauthenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU10266

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-2703

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability exists due to an unspecified error in the MySQL Server. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.

Mitigation

Update the affected packages.
dev-db/mysql to version: 5.6.39

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/glsa/201802-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


