Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_7_18.NASL
HistoryApr 20, 2017 - 12:00 a.m.

MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)

2017-04-2000:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
60
JSON

The version of MySQL running on the remote host is 5.7.x prior to 5.7.18. It is, therefore, affected by multiple vulnerabilities :

  • A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)

  • Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. Note that CVE-2017-3331 only affects versions 5.7.11 to 5.7.17. (CVE-2017-3308, CVE-2017-3331, CVE-2017-3456, CVE-2017-3457, CVE-2017-3458)

  • Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  • An unspecified flaw exists in the Thread Pooling subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.
    (CVE-2017-3329)

  • An unspecified flaw exists in the Memcached subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3450)

  • An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to insert and delete data contained in the database or cause a denial of service condition. (CVE-2017-3454)

  • An unspecified flaw exists in the ‘Security: Privileges’ subcomponent that allows an authenticated, remote attacker to insert or delete data contained in the database or disclose sensitive information.
    (CVE-2017-3455)

  • An unspecified flaw exists in the Audit Plug-in subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2017-3460)

  • Multiple unspecified flaws exist in the ‘Security: Privileges’ subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)

  • An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database.
    (CVE-2017-3464)

  • An unspecified flaw exists in the ‘Security: Privileges’ subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database. (CVE-2017-3465)

  • An unspecified flaw exists in the C API subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-3467)

  • An unspecified flaw exists in the ‘Security: Encryption’ subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database. (CVE-2017-3468)

  • An unspecified flaw exists in the Pluggable Auth subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.
    (CVE-2017-3599)

  • An unspecified flaw exists in the ‘Client mysqldump’ subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3600)

  • An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)

  • A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99516);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2016-7055",
    "CVE-2017-3308",
    "CVE-2017-3309",
    "CVE-2017-3329",
    "CVE-2017-3331",
    "CVE-2017-3450",
    "CVE-2017-3453",
    "CVE-2017-3454",
    "CVE-2017-3455",
    "CVE-2017-3456",
    "CVE-2017-3457",
    "CVE-2017-3458",
    "CVE-2017-3459",
    "CVE-2017-3460",
    "CVE-2017-3461",
    "CVE-2017-3462",
    "CVE-2017-3463",
    "CVE-2017-3464",
    "CVE-2017-3465",
    "CVE-2017-3467",
    "CVE-2017-3468",
    "CVE-2017-3599",
    "CVE-2017-3600",
    "CVE-2017-3731",
    "CVE-2017-3732"
  );
  script_bugtraq_id(
    94242,
    95813,
    95814,
    97725,
    97742,
    97747,
    97754,
    97763,
    97765,
    97772,
    97776,
    97791,
    97812,
    97818,
    97820,
    97822,
    97825,
    97826,
    97831,
    97837,
    97845,
    97847,
    97848,
    97849,
    97851
  );

  script_name(english:"MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)");
  script_summary(english:"Checks the version of MySQL server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MySQL running on the remote host is 5.7.x prior to
5.7.18. It is, therefore, affected by multiple vulnerabilities :

  - A carry propagation error exists in the OpenSSL
    component in the Broadwell-specific Montgomery
    multiplication procedure when handling input lengths
    divisible by but longer than 256 bits. This can result
    in transient authentication and key negotiation failures
    or reproducible erroneous outcomes of public-key
    operations with specially crafted input. A
    man-in-the-middle attacker can possibly exploit this
    issue to compromise ECDH key negotiations that utilize
    Brainpool P-512 curves. (CVE-2016-7055)

  - Multiple unspecified flaws exist in the DML subcomponent
    that allow an authenticated, remote attacker to cause a
    denial of service condition. Note that CVE-2017-3331
    only affects versions 5.7.11 to 5.7.17. (CVE-2017-3308,
    CVE-2017-3331, CVE-2017-3456, CVE-2017-3457,
    CVE-2017-3458)

  - Multiple unspecified flaws exist in the Optimizer
    subcomponent that allow an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2017-3309, CVE-2017-3453, CVE-2017-3459)

  - An unspecified flaw exists in the Thread Pooling
    subcomponent that allows an unauthenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2017-3329)

  - An unspecified flaw exists in the Memcached subcomponent
    that allows an unauthenticated, remote attacker to cause
    a denial of service condition. (CVE-2017-3450)

  - An unspecified flaw exists in the InnoDB subcomponent
    that allows an authenticated, remote attacker to insert
    and delete data contained in the database or cause a
    denial of service condition. (CVE-2017-3454)

  - An unspecified flaw exists in the 'Security: Privileges'
    subcomponent that allows an authenticated, remote
    attacker to insert or delete data contained in the
    database or disclose sensitive information.
    (CVE-2017-3455)

  - An unspecified flaw exists in the Audit Plug-in
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2017-3460)

  - Multiple unspecified flaws exist in the
    'Security: Privileges' subcomponent that allow an
    authenticated, remote attacker to cause a denial of
    service condition. (CVE-2017-3461, CVE-2017-3462,
    CVE-2017-3463)

  - An unspecified flaw exists in the DDL subcomponent that
    allows an authenticated, remote attacker to update,
    insert, or delete data contained in the database.
    (CVE-2017-3464)

  - An unspecified flaw exists in the 'Security: Privileges'
    subcomponent that allows an authenticated, remote
    attacker to update, insert, or delete data contained in
    the database. (CVE-2017-3465)

  - An unspecified flaw exists in the C API subcomponent
    that allows an unauthenticated, remote attacker to
    disclose sensitive information. (CVE-2017-3467)

  - An unspecified flaw exists in the 'Security: Encryption'
    subcomponent that allows an authenticated, remote
    attacker to update, insert, or delete data contained in
    the database. (CVE-2017-3468)

  - An unspecified flaw exists in the Pluggable Auth
    subcomponent that allows an unauthenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2017-3599)

  - An unspecified flaw exists in the 'Client mysqldump'
    subcomponent that allows an authenticated, remote
    attacker to execute arbitrary code. (CVE-2017-3600)

  - An out-of-bounds read error exists in the OpenSSL
    component when handling packets using the
    CHACHA20/POLY1305 or RC4-MD5 ciphers. An
    unauthenticated, remote attacker can exploit this, via
    specially crafted truncated packets, to cause a denial
    of service condition. (CVE-2017-3731)

  - A carry propagating error exists in the OpenSSL
    component in the x86_64 Montgomery squaring
    implementation that may cause the BN_mod_exp() function
    to produce incorrect results. An unauthenticated, remote
    attacker with sufficient resources can exploit this to
    obtain sensitive information regarding private keys.
    (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html");
  # https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d679be85");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb4db3c7");
  script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2244179.1");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76f5def7");
  # https://support.oracle.com/epmos/faces/DocumentDisplay?id=2279658.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d520c6c8");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?322067e2");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 5.7.18 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3600");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(fixed:'5.7.18', min:'5.7', severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql

References

Related

nessus 54
freebsd 2
openvas 28
ubuntu 3
amazon 2
fedora 8
osv 6
debian 5
suse 5
slackware 2
altlinux 6
ibm 39
mageia 1
freebsd_advisory 1
archlinux 2
gentoo 1
fortinet 1
f5 3
nodejsblog 1
redhat 2
cloudfoundry 1
symantec 1
huawei 2
cisco 1
cve 3
redhatcve 3
prion 4
veracode 4
ubuntucve 5
alpinelinux 1
debiancve 1
openssl 1
nessus
nessus
MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)
2017-04-20 00:00:00
Oracle MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities
2017-04-20 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerabilities (USN-3269-1)
2017-04-28 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-04-19 00:00:00
OpenSSL -- multiple vulnerabilities
2017-01-26 00:00:00
openvas
openvas
Ubuntu Update for mysql-5.7 USN-3269-1
2017-04-28 00:00:00
Oracle Mysql Security Updates (apr2017-3236618) 05 - Linux
2017-04-19 00:00:00
Oracle Mysql Security Updates (apr2017-3236618) 05 - Windows
2017-04-19 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2017-04-27 00:00:00
MySQL vulnerabilities
2017-07-24 00:00:00
OpenSSL vulnerabilities
2017-01-31 00:00:00
amazon
amazon
Important: mysql56
2017-05-18 22:01:00
Medium: mysql55
2017-05-19 00:27:00
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25
2017-04-29 01:50:21
[SECURITY] Fedora 24 Update: community-mysql-5.7.18-2.fc24
2017-04-29 01:18:25
[SECURITY] Fedora 26 Update: community-mysql-5.7.18-2.fc26
2017-04-28 14:36:49
osv
osv
mysql-5.5 - security update
2017-04-25 00:00:00
mysql-5.5 - security update
2017-04-25 00:00:00
mariadb-10.0 - security update
2017-08-17 00:00:00
debian
debian
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 15:15:11
[SECURITY] [DLA 916-1] mysql-5.5 security update
2017-04-25 20:47:46
suse
suse
Security update for mysql (important)
2017-04-28 21:13:58
Security update for mysql-community-server (important)
2017-05-08 18:18:38
Security update for mariadb (important)
2017-08-03 15:11:47
slackware
slackware
[slackware-security] mariadb
2017-07-14 22:13:14
[slackware-security] openssl
2017-02-10 20:40:56
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2k-alt1
2017-01-26 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2k-alt0.M80P.1
2017-01-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2k-alt1
2017-01-26 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in OpenSSL shipped with IBM Tivoli Network Manager IP Edition(CVE-2016-7055, CVE-2017-3731, CVE-2017-3732)
2018-06-17 15:39:17
Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Express for UNIX (CVE-2016-7055, CVE-2017-3731 and CVE-2017-3732)
2020-07-24 22:49:37
Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3731 CVE-2017-3732 CVE-2016-7055)
2018-08-09 04:20:36
mageia
mageia
Updated openssl packages fix security vulnerability
2017-02-05 23:42:41
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:02.openssl
2017-02-23 00:00:00
archlinux
archlinux
[ASA-201701-36] lib32-openssl: multiple issues
2017-01-27 00:00:00
[ASA-201701-37] openssl: multiple issues
2017-01-28 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2017-02-14 00:00:00
fortinet
fortinet
OpenSSL Security Advisory [26 Jan 2017]
2018-07-13 00:00:00
f5
f5
K38624343 : MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780
2022-01-18 00:00:00
K10771536 : MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
2022-01-13 00:00:00
OpenSSL vulnerability CVE-2016-7055
2017-02-03 22:42:00
nodejsblog
nodejsblog
OpenSSL update, 1.0.2k
2017-01-27 00:00:00
redhat
redhat
(RHSA-2017:2886) Important: rh-mysql57-mysql security and bug fix update
2017-10-12 07:34:25
(RHSA-2017:2787) Important: rh-mysql56-mysql security and bug fix update
2017-09-21 07:18:30
cloudfoundry
cloudfoundry
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
2017-06-02 00:00:00
symantec
symantec
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
2017-02-09 08:00:00
huawei
huawei
Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products
2017-05-03 00:00:00
Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability
2017-04-19 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
2017-01-30 21:28:00
cve
cve
CVE-2017-3454
2017-04-24 19:59:00
CVE-2017-3455
2017-04-24 19:59:00
CVE-2016-7055
2017-05-04 20:29:00
redhatcve
redhatcve
CVE-2017-3455
2017-04-19 07:40:54
CVE-2017-3454
2017-04-19 07:41:02
CVE-2017-3457
2017-04-19 07:40:43
prion
prion
Code injection
2017-04-24 19:59:00
Integer overflow
2017-04-24 19:59:00
Code injection
2017-04-24 19:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 01:47:50
Privilege Escalation
2019-05-16 01:47:50
Denial Of Service (DoS)
2019-05-02 06:37:05
ubuntucve
ubuntucve
CVE-2017-3454
2017-04-24 00:00:00
CVE-2017-3599
2017-04-24 00:00:00
CVE-2017-3455
2017-04-24 00:00:00
alpinelinux
alpinelinux
CVE-2016-7055
2017-05-04 20:29:00
debiancve
debiancve
CVE-2016-7055
2017-05-04 20:29:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-7055
2016-11-10 00:00:00
JSON
Related for MYSQL_5_7_18.NASL
nessus54freebsd2openvas28ubuntu3amazon2fedora8osv6debian5suse5slackware2altlinux6ibm39mageia1freebsd_advisory1archlinux2gentoo1fortinet1f53nodejsblog1redhat2cloudfoundry1symantec1huawei2cisco1cve3redhatcve3prion4veracode4ubuntucve5alpinelinux1debiancve1openssl1