PT-2016-7894 · Mysql Server+6 · Mysql Server+6

Published

2016-12-24

·

Updated

2024-06-15

·

CVE-2017-3265

CVSS v3.1

5.6

Medium

VectorAV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.5.53 and earlier MySQL Server versions 5.6.34 and earlier MySQL Server versions 5.7.16 and earlier
Description The issue allows a high privileged attacker to compromise MySQL Server, potentially resulting in unauthorized access to critical data or complete access to all MySQL Server accessible data. Successful attacks can also cause a hang or frequently repeatable crash of MySQL Server, leading to a denial of service. The attack requires either logon to the infrastructure where MySQL Server executes or network access via multiple protocols, and may involve human interaction from a person other than the attacker.
Recommendations For MySQL Server versions 5.5.53 and earlier, update to a version later than 5.5.53 to resolve the issue. For MySQL Server versions 5.6.34 and earlier, update to a version later than 5.6.34 to resolve the issue. For MySQL Server versions 5.7.16 and earlier, update to a version later than 5.7.16 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2017-1061
ALT-PU-2017-1407
CESA-2017_2192
CVE-2017-3265
DLA-797-1
DSA-3767-1
DSA-3770-1
MGASA-2017-0054
MGASA-2017-0289
OPENSUSE-SU-2017_0479-1
OPENSUSE-SU-2017_0486-1
OPENSUSE-SU-2017_0618-1
OPENSUSE-SU-2024:11038-1
RHSA-2017:2192
RHSA-2017:2787
RHSA-2017_2192
RHSA-2018:0279
RHSA-2018:0574
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2017:0408-1
SUSE-SU-2017:0411-1
SUSE-SU-2017:0412-1
USN-3174-1

Affected Products

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu