PT-2018-3367 · Oracle+7 · Mysql Server+6

Publicado

2018-04-18

Atualizado

2023-12-29

CVE-2018-3063

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.60 and prior

Description: The issue is related to an insufficient access control mechanism in the MySQL Server component of Oracle MySQL, specifically in the Server:Security:Privileges subcomponent. This can be exploited by a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server.

Recommendations: For versions 5.5.60 and prior, update to a version that includes a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2018-1647

ALT-PU-2018-2189

ALT-PU-2018-2496

BDU:2020-00683

CESA-2019_2327

CVE-2018-3063

DLA-1488-1

DLA-1566-1

DSA-4341-1

MGASA-2018-0335

MGASA-2018-0359

OPENSUSE-SU-2019:0327-1

OPENSUSE-SU-2019_0327-1

RHSA-2019:1258

RHSA-2019:2327

RHSA-2019_2327

ROSA-SA-2023-2251

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2018:2411-1

SUSE-SU-2018:3972-1

SUSE-SU-2018:4211-1

SUSE-SU-2019:0555-1

SUSE-SU-2019:0628-1

SUSE-SU-2019:1441-1

SUSE-SU-2019:2048-1

USN-3725-1

USN-3725-2

Produtos afetados

Alt Linux

Centos

Mariadb Server

Mysql Server

Red Hat

Suse

Ubuntu

PT-2018-3367 · Oracle+7 · Mysql Server+6

CVE-2018-3063

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 913