SB2017072005 - Multiple vulnerabilities in Oracle MySQL Server




Published: July 20, 2017 Updated: January 29, 2018

Security Bulletin ID: SB2017072005
Severity: Medium
Patch available: YES
Number of vulnerabilities: 25
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 8%, Low: 92%

Description

This security bulletin contains information about 25 security vulnerabilities.


1) Improper Access Control (CVE-ID: CVE-2017-3635)

The vulnerability exists due to an unspecified error in the MySQL Server within the C API component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.


2) Improper Access Control (CVE-ID: CVE-2017-3636)

The vulnerability exists due to an unspecified error in the MySQL Server within the Client programs component. A local user can exploit the vulnerability to gain full access to MySQL databases.


3) Improper Access Control (CVE-ID: CVE-2017-3529)

The vulnerability exists due to an unspecified error in the MySQL Server within the UDF component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.


4) Improper Access Control (CVE-ID: CVE-2017-3637)

The vulnerability exists due to an unspecified error in the MySQL Server within the X Plugin component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.


5) Improper Access Control (CVE-ID: CVE-2017-3639)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


6) Improper Access Control (CVE-ID: CVE-2017-3640)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


7) Improper Access Control (CVE-ID: CVE-2017-3641)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


8) Improper Access Control (CVE-ID: CVE-2017-3643)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


9) Improper Access Control (CVE-ID: CVE-2017-3644)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


10) Improper Access Control (CVE-ID: CVE-2017-3638)

The vulnerability exists due to an unspecified error in the MySQL Server within the Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


11) Improper Access Control (CVE-ID: CVE-2017-3642)

The vulnerability exists due to an unspecified error in the MySQL Server within the Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


12) Improper Access Control (CVE-ID: CVE-2017-3645)

The vulnerability exists due to an unspecified error in the MySQL Server within the Optimizer component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


13) Improper Access Control (CVE-ID: CVE-2017-3646)

The vulnerability exists due to an unspecified error in the MySQL Server within the X Plugin component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


14) Improper Access Control (CVE-ID: CVE-2017-3648)

The vulnerability exists due to an unspecified error in the MySQL Server within the Charsets component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


15) Improper Access Control (CVE-ID: CVE-2017-3647)

The vulnerability exists due to an unspecified error in the MySQL Server within the Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


16) Improper Access Control (CVE-ID: CVE-2017-3649)

The vulnerability exists due to an unspecified error in the MySQL Server within the Replication component. A remote privileged user can exploit the vulnerability to perform a denial of service attack.


17) Improper Access Control (CVE-ID: CVE-2017-3651)

The vulnerability exists due to an unspecified error in the MySQL Server within the Client mysqldump component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.


18) Improper Access Control (CVE-ID: CVE-2017-3652)

The vulnerability exists due to an unspecified error in the MySQL Server within the DDL component. A remote authenticated attacker can exploit the vulnerability to gain unauthorized access and modify data.


19) Improper Access Control (CVE-ID: CVE-2017-3650)

The vulnerability exists due to an unspecified error in the MySQL Server within the C API component. A remote unauthenticated attacker can exploit the vulnerability to gain access to potentially sensitive information.


20) Improper Access Control (CVE-ID: CVE-2017-3653)

The vulnerability exists due to an unspecified error in the MySQL Server within the DDL component. A remote authenticated attacker can exploit the vulnerability to perform unauthorized modification of data.


21) Improper Access Control (CVE-ID: CVE-2017-3634)

The vulnerability exists due to an unspecified error in the MySQL Server within the DML component. A remote authenticated attacker can exploit the vulnerability to perform a denial of service attack.


22) Improper Access Control (CVE-ID: CVE-2017-3633)

The vulnerability exists due to an unspecified error in the MySQL Server within the Memcached component. A remote unauthenticated attacker can exploit the vulnerability to modify certain data on the system and perform a denial of service (DoS) attack.


23) Out-of-bounds read (CVE-ID: CVE-2017-3731)

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to an out-of-bounds read in OpenSSL when processing truncated packets on 32-bit systems using certain ciphers. A remote attacker can send a specially crafted truncated packet using the CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for 1.0.2 and trigger denial of service.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack against a vulnerable system.


24) Information disclosure (CVE-ID: CVE-2017-3732)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to an unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.

According to the vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

Attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.


25) Information disclosure (CVE-ID: CVE-2016-7055)

The vulnerability allows a remote attacker to decrypt certain data.

The vulnerability exists in the OpenSSL implementation due to a propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than, 256 bits. A remote attacker can launch attacks against RSA, DSA and DH private keys and decrypt information passed over encrypted channels. Among EC algorithms, only Brainpool P-512 curves are affected, and one presumably can attack ECDH key negotiation.

Successful exploitation of the vulnerability may allow an attacker, under certain conditions, to launch attacks against OpenSSL clients.


Remediation

Install the update from the vendor's website.