CVE-2017-3651
CVSS score: 4.0
Published: 2017-08-08 11:29:08
Last revised: 2018-01-04 21:31:39

[Original text] Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

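- CVSS (Base Score)

CVSS score: 4 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: SINGLE_INSTANCE [--]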

- CWE (Weakness Category)

CWE-284 [Improper Access Control]

- CPE (Affected Platforms and Products)

cpe:/a:oracle:mysql:5.5.56
cpe:/a:oracle:mysql:5.6.36
cpe:/a:oracle:mysql:5.7.18

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3651
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3651
(Official data source) NVD

- Other Links and Resources

http://rhn.redhat.com/errata/RHSA-2016-2927.html
(UNKNOWN)  REDHAT  RHSA-2016:2927
http://rhn.redhat.com/errata/RHSA-2016-2928.html
(UNKNOWN)  REDHAT  RHSA-2016:2928
http://www.debian.org/security/2017/dsa-3922
(UNKNOWN)  DEBIAN  DSA-3922
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
(VENDOR_ADVISORY)  CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/99802
(VENDOR_ADVISORY)  BID  99802
http://www.securitytracker.com/id/1038928
(VENDOR_ADVISORY)  SECTRACK  1038928
https://access.redhat.com/errata/RHSA-2017:2192
(UNKNOWN)  REDHAT  RHSA-2017:2192
https://access.redhat.com/errata/RHSA-2017:2787
(UNKNOWN)  REDHAT  RHSA-2017:2787
https://access.redhat.com/errata/RHSA-2017:2886
(UNKNOWN)  REDHAT  RHSA-2017:2886

- Vulnerability Information (F143412)

Ubuntu Security Notice USN-3357-1 (PacketStormID:F143412)
2017-07-20 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2017-3529,CVE-2017-3633,CVE-2017-3634,CVE-2017-3635,CVE-2017-3636,CVE-2017-3637,CVE-2017-3638,CVE-2017-3639,CVE-2017-3640,CVE-2017-3641,CVE-2017-3642,CVE-2017-3643,CVE-2017-3644,CVE-2017-3645,CVE-2017-3647,CVE-2017-3648,CVE-2017-3649,CVE-2017-3650,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653

Ubuntu Security Notice 3357-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3357-1
July 20, 2017

mysql-5.5, mysql-5.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.7: MySQL database
- mysql-5.5: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS
and Ubuntu 17.04 have been updated to MySQL 5.7.19.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  mysql-server-5.7                5.7.19-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
  mysql-server-5.7                5.7.19-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  mysql-server-5.5                5.5.57-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3357-1
  CVE-2017-3529, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635,
  CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE-2017-3639,
  CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643,
  CVE-2017-3644, CVE-2017-3645, CVE-2017-3647, CVE-2017-3648,
  CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652,
  CVE-2017-3653

Package Information:
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.19-0ubuntu0.17.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.19-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.57-0ubuntu0.14.04.1


    

- Vulnerability Information (F143458)

Ubuntu Security Notice USN-3357-2 (PacketStormID:F143458)
2017-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2017-3302,CVE-2017-3305,CVE-2017-3308,CVE-2017-3309,CVE-2017-3329,CVE-2017-3453,CVE-2017-3456,CVE-2017-3461,CVE-2017-3462,CVE-2017-3463,CVE-2017-3464,CVE-2017-3600,CVE-2017-3635,CVE-2017-3636,CVE-2017-3641,CVE-2017-3648,CVE-2017-3651,CVE-2017-3652,CVE-2017-3653

Ubuntu Security Notice 3357-2 - USN-3357-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3357-2
July 24, 2017

mysql-5.5 vulnerabilities
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-5.5: MySQL database

Details:

USN-3357-1 fixed several vulnerabilities in MySQL. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  mysql-server-5.5                5.5.57-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary
changes.

References:
 https://www.ubuntu.com/usn/usn-3357-2
 https://www.ubuntu.com/usn/usn-3357-1
 CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309,
 CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461,
 CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600,
 CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3648,
 CVE-2017-3651, CVE-2017-3652, CVE-2017-3653

    

- Vulnerability Information

Oracle MySQL Server CVE-2017-3651 Remote Security Vulnerability
Unknown 99802
Yes No
2017-07-18 12:00:00 2017-07-18 12:00:00
Oracle

- Affected Software Versions

Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.5.56
Oracle MySQL Server 5.5.55
Oracle MySQL Server 5.5.54
Oracle MySQL Server 5.5.53
Oracle MySQL Server 5.5.52
Oracle MySQL Server 5.5.48
Oracle MySQL Server 5.5.47
Oracle MySQL Server 5.5.46
Oracle MySQL Server 5.5.45
Oracle MySQL Server 5.5.42
Oracle MySQL Server 5.5.41
Oracle MySQL Server 5.5.40
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.5.44
Oracle MySQL Server 5.5.43
Oracle MySQL Server 5.5.36
Oracle MySQL Server 5.5.35

- Vulnerability Discussion

Oracle MySQL Server is prone to a remote security vulnerability in MySQL Server.

The vulnerability can be exploited over the 'MySQL' protocol. The 'Client mysqldump' sub component is affected.

This vulnerability affects the following supported versions:
5.7.18 and prior
5.5.56 and prior
5.6.36 and prior

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
