PT-2016-7896 · Oracle+7 · Mysql Server+6

Published

2016-12-24

·

Updated

2024-06-15

·

CVE-2017-3312

CVSS v3.1

6.7

Medium

VectorAV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.5.53 and earlier MySQL Server versions 5.6.34 and earlier MySQL Server versions 5.7.16 and earlier
Description The issue allows a low-privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of MySQL Server. Additionally, a high-privileged attacker with network access via multiple protocols can also exploit this issue, potentially causing a hang or frequently repeatable crash of MySQL Server.
Recommendations For MySQL Server versions 5.5.53 and earlier, update to a version later than 5.5.53 to resolve the issue. For MySQL Server versions 5.6.34 and earlier, update to a version later than 5.6.34 to resolve the issue. For MySQL Server versions 5.7.16 and earlier, update to a version later than 5.7.16 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2017-1061
ALT-PU-2017-1407
CESA-2017_2192
CVE-2017-3312
DLA-797-1
DSA-3767-1
DSA-3770-1
MGASA-2017-0054
OPENSUSE-SU-2017_0479-1
OPENSUSE-SU-2017_0486-1
OPENSUSE-SU-2017_0618-1
OPENSUSE-SU-2024:11038-1
RHSA-2017:2192
RHSA-2017:2787
RHSA-2017:2886
RHSA-2017_2192
RHSA-2018:0279
RHSA-2018:0574
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2017:0408-1
SUSE-SU-2017:0411-1
SUSE-SU-2017:0412-1
USN-3174-1

Affected Products

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu