VID | 25240 |
Severity | 40 |
Port | 3306 |
Protocol | TCP |
Class | DB |
Detailed Description |
The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3529)
- An unspecified flaw exists in the Memcached component that allows an unauthenticated, remote attacker to impact integrity and availability. (CVE-2017-3633)
- Multiple unspecified flaws exist in the DML component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3634, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644)
- An unspecified flaw exists in the Connector/C and C API components that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3635)
- An unspecified flaw exists in the X Plugin component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3637)
- Multiple unspecified flaws exist in the Optimizer component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3638, CVE-2017-3642, CVE-2017-3645)
- Multiple unspecified flaws exist in the Replication component that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3647, CVE-2017-3649)
- An unspecified flaw exists in the Charsets component that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3648)
- An unspecified flaw exists in the C API component that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3650)
- An unspecified flaw exists in the Client mysqldump component that allows an authenticated, remote attacker to impact integrity. (CVE-2017-3651)
- Multiple unspecified flaws exist in the DDL component that allow an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3652, CVE-2017-3653)
* References:
  - https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html
  - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  - http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml |
Recommendation |
Upgrade to the latest version of MySQL (5.7.19 or later), available from the MySQL Web site at http://www.mysql.com/ |
Related URL |
CVE-2017-3529,CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3637,CVE-2017-3638,CVE-2017-3639,CVE-2017-3640,CVE-2017-3641,CVE-2017-3642 (CVE) |
Related URL |
99722,99729,99730,99746,99748,99753,99765,99767,99779,99772,99775,99778,99783,99789,99796,99799,99802,99805,99808,99810 (SecurityFocus) |