Main Vulnerability Database SB2018052008

SB2018052008 - Security restrictions bypass in mariadb (Alpine package)

Published: May 20, 2018

Security Bulletin ID SB2018052008

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2018-2787)

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=ad3cd4ee72556149a46fca74da139cc7424bc58a
https://git.alpinelinux.org/aports/commit/?id=ec4a02c42dea8323d84536c79a6af0fc421ed261
https://git.alpinelinux.org/aports/commit/?id=28850b3a43930dcaba7ce82fa55bb53853cf412d