PT-2018-3365 · Oracle+7 · Mysql Server+6

Published

2018-04-23

·

Updated

2024-06-15

·

CVE-2018-2767

CVSS v2.0

3.5

Low

VectorAV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.60 and prior MySQL Server versions 5.6.40 and prior MySQL Server versions 5.7.22 and prior
Description: The issue is related to a lack of protection for service data in the MySQL Server component of Oracle MySQL, specifically in the Server:Security:Encryption subcomponent. This can allow an attacker to gain unauthorized access to confidential data. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially resulting in unauthorized read access to a subset of MySQL Server accessible data.
Recommendations: For MySQL Server version 5.5.60 and prior, update to a version later than 5.5.60 to resolve the issue. For MySQL Server version 5.6.40 and prior, update to a version later than 5.6.40 to resolve the issue. For MySQL Server version 5.7.22 and prior, update to a version later than 5.7.22 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2018-1842
ALT-PU-2018-2267
BDU:2020-00681
CESA-2018_2439
CVE-2018-2767
DLA-1407-1
DLA-1566-1
DSA-4341-1
OPENSUSE-SU-2018_1595-1
OPENSUSE-SU-2018_1800-1
OPENSUSE-SU-2018_2293-1
OPENSUSE-SU-2024:11038-1
RHSA-2018:2439
RHSA-2018_2439
ROSA-SA-2023-2250
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2018:1382-1
SUSE-SU-2018:1771-1
SUSE-SU-2018:1781-1
SUSE-SU-2018:1781-2
SUSE-SU-2018:1853-1
USN-3725-1
USN-3725-2

Affected Products

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu