Linux Distros Unpatched Vulnerability : CVE-2017-3462

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Unpatched vulnerability CVE-2017-3462 allows MySQL Server crashes via network access by attackers.

Reporter	Title	Published	Views	Family All 80
Tenable Nessus	Oracle MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities	20 Apr 201700:00	–	nessus
Tenable Nessus	Oracle MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities	20 Apr 201700:00	–	nessus
Tenable Nessus	Oracle MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities	20 Apr 201700:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mysql56 (ALAS-2017-830)	19 May 201700:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mysql55 (ALAS-2017-831)	19 May 201700:00	–	nessus
Tenable Nessus	Debian DLA-916-1 : mysql-5.5 security update (Riddle)	26 Apr 201700:00	–	nessus
Tenable Nessus	Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)	26 Apr 201700:00	–	nessus
Tenable Nessus	FreeBSD : MySQL -- multiple vulnerabilities (d9e01c35-2531-11e7-b291-b499baebfeaf) (Riddle)	20 Apr 201700:00	–	nessus
Tenable Nessus	GLSA-201802-04 : MySQL: Multiple vulnerabilities	20 Feb 201800:00	–	nessus
Tenable Nessus	MiracleLinux 7 : rh-mysql56-mysql-5.6.37-5.el7 (AXSA:2017-2301:01)	16 Jan 202600:00	–	nessus

Source	Link
access	www.access.redhat.com/security/cve/cve-2017-3462
ubuntu	www.ubuntu.com/security/CVE-2017-3462
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(221170);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/18");

  script_cve_id("CVE-2017-3462");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2017-3462");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
    Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier.
    Easily exploitable vulnerability allows high privileged attacker with network access via multiple
    protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
    ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2017-3462)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3462");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2017-3462");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3462");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:percona-server-5.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:percona-xtradb-cluster-5.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-bench");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-embedded-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql55-mysql");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-5", "Host/OS/Red Hat Enterprise Linux-6", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "percona-server-5.6"},
          {"reference": "percona-xtradb-cluster-5.6"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-5": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "5",
        "pkgs": [
          {"reference": "mysql55-mysql"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-6": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "6",
        "pkgs": [
          {"reference": "mysql"},
          {"reference": "mysql-bench"},
          {"reference": "mysql-devel"},
          {"reference": "mysql-embedded"},
          {"reference": "mysql-embedded-devel"},
          {"reference": "mysql-libs"},
          {"reference": "mysql-server"},
          {"reference": "mysql-test"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

18 Aug 2025 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 24

CVSS 34.9

EPSS0.00543

SSVC

cve-2017-3462 mysql server vulnerability unpatched oracle network access denial of service