PT-2017-16056 · Oracle+7 · Mysql Server+6

Published

2017-07-18

·

Updated

2024-06-15

·

CVE-2017-3636

CVSS v3.1

5.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.56 and earlier Oracle MySQL versions 5.6.36 and earlier
Description The issue allows a low-privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks can result in unauthorized update, insert, or delete access to some of MySQL Server's accessible data, as well as unauthorized read access to a subset of MySQL Server's accessible data and unauthorized ability to cause a partial denial of service of MySQL Server. It is also possible for a high-privileged attacker with network access via multiple protocols to cause a hang or frequently repeatable crash of MySQL Server.
Recommendations For Oracle MySQL versions 5.5.56 and earlier, update to a version later than 5.5.56 to resolve the issue. For Oracle MySQL versions 5.6.36 and earlier, update to a version later than 5.6.36 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2017-1931
ALT-PU-2017-2214
ALT-PU-2018-2387
ALT-PU-2018-2496
CESA-2018_2439
CVE-2017-3636
DLA-1043-1
DSA-3922-1
DSA-3944-1
DSA-3955-1
MGASA-2017-0289
MGASA-2017-0332
OPENSUSE-SU-2024:11038-1
RHSA-2017:2787
RHSA-2018:0279
RHSA-2018:0574
RHSA-2018:2439
RHSA-2018_2439
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2017:2290-1
SUSE-SU-2017:2921-1
SUSE-SU-2017_2921-1
SUSE-SU-2018:0079-1
SUSE-SU-2018:1853-1
SUSE-SU-2018_0079-1
USN-3357-1
USN-3357-2

Affected Products

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu