PT-2017-3921 · Oracle+7 · Mysql Server+6

Published

2017-10-17

·

Updated

2023-12-29

·

CVE-2017-10268

CVSS v2.0

4.4

Medium

VectorAV:L/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.57 and earlier Oracle MySQL versions 5.6.37 and earlier Oracle MySQL versions 5.7.19 and earlier
Description The issue is related to the MySQL Server component, specifically the Server: Replication subcomponent. It allows a high-privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server, potentially resulting in unauthorized access to critical data or complete access to all MySQL Server accessible data. The vulnerability is difficult to exploit and requires high privileges.
Recommendations For versions 5.5.57 and earlier, update to a version later than 5.5.57 to resolve the issue. For versions 5.6.37 and earlier, update to a version later than 5.6.37 to resolve the issue. For versions 5.7.19 and earlier, update to a version later than 5.7.19 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Server to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2768
ALT-PU-2018-1647
ALT-PU-2018-2387
ALT-PU-2018-2496
BDU:2020-00675
CESA-2018_2439
CVE-2017-10268
DLA-1141-1
DLA-1407-1
DSA-4002-1
DSA-4341-1
MGASA-2017-0461
OPENSUSE-SU-2017_2868-1
RHSA-2017:3265
RHSA-2017:3442
RHSA-2018:0279
RHSA-2018:0574
RHSA-2018:2439
RHSA-2018_2439
RHSA-2019:1258
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2017:2996-1
SUSE-SU-2017_2996-1
SUSE-SU-2018:0384-1
SUSE-SU-2018:0698-1
SUSE-SU-2018:1853-1
SUSE-SU-2018_0384-1
SUSE-SU-2018_0698-1
USN-3459-1
USN-3459-2

Affected Products

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu