Vulnerability CVE-2017-3636: Information

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-3636
Published: Aug. 8, 2017
Modified: Aug. 4, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus5.5.57-alt18.0.37-alt1.1ALT-PU-2017-1931-1185846Fixed
MySQLp105.5.57-alt18.0.36-alt1ALT-PU-2017-1931-1185846Fixed
MySQLp95.5.57-alt18.0.26-alt2ALT-PU-2017-1931-1185846Fixed
MySQLp85.5.57-alt0.M80P.15.7.28-alt1ALT-PU-2017-1943-1185879Fixed
MySQLc10f15.5.57-alt18.0.36-alt1ALT-PU-2017-1931-1185846Fixed
MySQLc9f25.5.57-alt18.0.36-alt0.c9.1ALT-PU-2017-1931-1185846Fixed
MySQLc75.5.57-alt1.M70C.15.7.24-alt0.M70C.1ALT-PU-2017-1944-1185880Fixed
mariadbsisyphus10.1.26-alt1.S110.11.8-alt1ALT-PU-2017-2214-1188230Fixed
mariadbp1010.1.26-alt1.S110.6.18-alt1ALT-PU-2017-2214-1188230Fixed
mariadbp910.1.26-alt1.S110.4.34-alt0.M90P.1ALT-PU-2017-2214-1188230Fixed
mariadbp810.1.26-alt1.M80P.110.1.48-alt1ALT-PU-2017-2218-1188241Fixed
mariadbc10f110.1.26-alt1.S110.6.18-alt1ALT-PU-2017-2214-1188230Fixed
mariadbc9f210.1.26-alt1.S110.6.18-alt1ALT-PU-2017-2214-1188230Fixed
mariadbc710.3.14-alt0.M70C.110.3.14-alt0.M70C.1ALT-PU-2019-1992-1231405Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
  • Patch
  • Vendor Advisory
1038928
  • Third Party Advisory
  • VDB Entry
99736
  • Third Party Advisory
  • VDB Entry
DSA-3944
  • Third Party Advisory
DSA-3922
  • Third Party Advisory
DSA-3955
  • Third Party Advisory
RHSA-2017:2787
  • Third Party Advisory
RHSA-2018:0279
  • Third Party Advisory
RHSA-2018:0574
  • Third Party Advisory
RHSA-2018:2439
  • Third Party Advisory
RHSA-2018:2729
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End including
      5.5.56
      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      5.6.0
      End including
      5.6.36

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.0.0
      End excliding
      10.0.32
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.1.0
      End excliding
      10.1.26
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      10.2.0
      End excliding
      10.2.8
      cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
      Start including
      5.5.0
      End excliding
      5.5.57
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top