Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2018-1078
HistorySep 12, 2018 - 10:57 p.m.

Medium: mariadb

2018-09-1222:57:00
alas.aws.amazon.com
31

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.003 Low

EPSS

Percentile

68.1%

JSON

Issue Overview:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10378 )

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2781)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).(CVE-2018-2562)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3651)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).(CVE-2018-2755)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2640)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10379 )

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).(CVE-2017-10268)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).(CVE-2017-3653)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2771)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2767)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2817)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2668)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-10384)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2017-3641)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2819)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2665)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2622)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).(CVE-2018-2813)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).(CVE-2017-3636)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2018-2761)

Affected Packages:

mariadb

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update mariadb to update your system.

New Packages:

i686:  
    mariadb-5.5.60-1.amzn2.i686  
    mariadb-libs-5.5.60-1.amzn2.i686  
    mariadb-server-5.5.60-1.amzn2.i686  
    mariadb-devel-5.5.60-1.amzn2.i686  
    mariadb-embedded-5.5.60-1.amzn2.i686  
    mariadb-embedded-devel-5.5.60-1.amzn2.i686  
    mariadb-bench-5.5.60-1.amzn2.i686  
    mariadb-test-5.5.60-1.amzn2.i686  
    mariadb-debuginfo-5.5.60-1.amzn2.i686  
  
src:  
    mariadb-5.5.60-1.amzn2.src  
  
x86_64:  
    mariadb-5.5.60-1.amzn2.x86_64  
    mariadb-libs-5.5.60-1.amzn2.x86_64  
    mariadb-server-5.5.60-1.amzn2.x86_64  
    mariadb-devel-5.5.60-1.amzn2.x86_64  
    mariadb-embedded-5.5.60-1.amzn2.x86_64  
    mariadb-embedded-devel-5.5.60-1.amzn2.x86_64  
    mariadb-bench-5.5.60-1.amzn2.x86_64  
    mariadb-test-5.5.60-1.amzn2.x86_64  
    mariadb-debuginfo-5.5.60-1.amzn2.x86_64

Additional References

Red Hat: CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819

Mitre: CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819

OSVersionArchitecturePackageVersionFilename
Amazon Linux2i686mariadb< 5.5.60-1.amzn2mariadb-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-libs< 5.5.60-1.amzn2mariadb-libs-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-server< 5.5.60-1.amzn2mariadb-server-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-devel< 5.5.60-1.amzn2mariadb-devel-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-embedded< 5.5.60-1.amzn2mariadb-embedded-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-embedded-devel< 5.5.60-1.amzn2mariadb-embedded-devel-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-bench< 5.5.60-1.amzn2mariadb-bench-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-test< 5.5.60-1.amzn2mariadb-test-5.5.60-1.amzn2.i686.rpm
Amazon Linux2i686mariadb-debuginfo< 5.5.60-1.amzn2mariadb-debuginfo-5.5.60-1.amzn2.i686.rpm
Amazon Linux2x86_64mariadb< 5.5.60-1.amzn2mariadb-5.5.60-1.amzn2.x86_64.rpm
Rows per page:
1-10 of 181

Related

oraclelinux 1
openvas 54
nessus 81
ibm 1
centos 1
redhat 3
suse 6
debian 16
osv 11
ubuntu 3
altlinux 3
mageia 6
amazon 4
fedora 3
slackware 4
rosalinux 1
f5 1
oraclelinux
oraclelinux
mariadb security and bug fix update
2018-08-16 00:00:00
openvas
openvas
CentOS Update for mariadb CESA-2018:2439 centos7
2018-08-21 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1302)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2018-1346)
2020-01-23 00:00:00
nessus
nessus
Amazon Linux 2 : mariadb (ALAS-2018-1078)
2018-09-19 00:00:00
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20180816)
2018-08-17 00:00:00
EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)
2018-10-26 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM
2018-12-17 14:30:02
centos
centos
mariadb security update
2018-08-21 01:08:00
redhat
redhat
(RHSA-2018:2439) Moderate: mariadb security and bug fix update
2018-08-16 12:46:48
(RHSA-2018:2729) Moderate: Red Hat Enterprise Linux OpenStack Platform security update
2018-09-19 17:36:53
(RHSA-2018:1254) Moderate: rh-mysql56-mysql security update
2018-04-26 06:59:23
suse
suse
Security update for mariadb (important)
2018-03-15 21:07:44
Security update for mysql (important)
2017-11-11 00:07:25
Security update for mariadb (important)
2018-03-15 21:07:15
debian
debian
[SECURITY] [DLA 1407-1] mariadb-10.0 security update
2018-06-29 08:42:02
[SECURITY] [DSA 4091-1] mysql-5.5 security update
2018-01-18 20:18:31
[SECURITY] [DLA 1250-1] mysql-5.5 security update
2018-01-19 19:08:57
osv
osv
mariadb-10.0 - security update
2018-06-29 00:00:00
mysql-5.5 - security update
2018-01-19 00:00:00
mysql-5.5 - security update
2018-01-18 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-01-25 00:00:00
MySQL vulnerabilities
2017-10-30 00:00:00
MySQL vulnerabilities
2018-04-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.33-alt1
2018-05-23 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.26-alt1
2017-09-14 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2018-06-04 18:11:47
Updated mariadb packages fix security vulnerability
2018-02-25 02:25:24
Updated mariadb packages fix security vulnerabilities
2018-05-29 22:41:14
amazon
amazon
Medium: mysql55
2017-12-05 21:54:00
Medium: mysql55
2018-05-25 18:26:00
Medium: mysql56
2018-05-25 18:26:00
fedora
fedora
[SECURITY] Fedora 27 Update: mariadb-10.2.13-2.fc27
2018-03-13 23:26:09
[SECURITY] Fedora 28 Update: mariadb-10.2.13-2.fc28
2018-03-30 13:29:13
[SECURITY] Fedora 26 Update: mariadb-10.1.32-1.fc26
2018-04-02 12:34:31
slackware
slackware
[slackware-security] mariadb
2018-02-01 18:52:40
[slackware-security] mariadb
2018-05-10 21:14:32
[slackware-security] mariadb
2017-09-08 18:06:32
rosalinux
rosalinux
Advisory ROSA-SA-2023-2250
2023-10-21 13:39:47
f5
f5
K40317110 : MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
2017-10-27 00:00:00

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for ALAS2-2018-1078
oraclelinux1openvas54nessus81ibm1centos1redhat3suse6debian16osv11ubuntu3altlinux3mageia6amazon4fedora3slackware4rosalinux1f51