PT-2018-3365 · Oracle+7 · Mysql Server+6
Published: 2018-04-23 · Updated: 2024-06-15
CVE-2018-2767
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
MySQL Server versions 5.5.60 and prior
MySQL Server versions 5.6.40 and prior
MySQL Server versions 5.7.22 and prior
Description:
The issue is related to a lack of protection for service data in the MySQL Server component of Oracle MySQL, specifically in the Server:Security:Encryption subcomponent. This can allow an attacker to gain unauthorized access to confidential data. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially resulting in unauthorized read access to a subset of MySQL Server accessible data.
Recommendations:
For MySQL Server version 5.5.60 and prior, update to a version later than 5.5.60 to resolve the issue.
For MySQL Server version 5.6.40 and prior, update to a version later than 5.6.40 to resolve the issue.
For MySQL Server version 5.7.22 and prior, update to a version later than 5.7.22 to resolve the issue.
As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu