CVE-2017-10379
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2017-10379.html
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | 8.0 | affected | |
| rhel | 7.0 | affected | |
| rhel | 7.5 | affected | |
| rhel | 7.6 | affected | |
| rhel | 7.7 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | mysql | {"startIncluding":"5.5.0","endIncluding":"5.5.57"} | |
| mariadb | mariadb | {"startIncluding":"5.5.0","endExcluding":"5.5.57"} | 5.5.57 |
| redhat | openstack | 12 | |
| netapp | active_iq_unified_manager | {"startIncluding":"7.3"} | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | {"endIncluding":"7.1"} | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - | |
| oracle | mysql | {"startIncluding":"5.6.0","endIncluding":"5.6.37"} | |
| oracle | mysql | {"startIncluding":"5.7.0","endIncluding":"5.7.19"} | |
| mariadb | mariadb | {"startIncluding":"10.0.0","endExcluding":"10.0.32"} | 10.0.32 |
| mariadb | mariadb | {"startIncluding":"10.1.0","endExcluding":"10.1.26"} | 10.1.26 |
| mariadb | mariadb | {"startIncluding":"10.2.0","endExcluding":"10.2.8"} | 10.2.8 |
References
- http://www.debian.org/security/2017/dsa-4002
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/101415
- http://www.securitytracker.com/id/1039597
- https://access.redhat.com/errata/RHSA-2017:3265
- https://access.redhat.com/errata/RHSA-2017:3442
- https://access.redhat.com/errata/RHSA-2018:0279
- https://access.redhat.com/errata/RHSA-2018:0574
- https://access.redhat.com/errata/RHSA-2018:2439
- https://access.redhat.com/errata/RHSA-2018:2729
- https://security.netapp.com/advisory/ntap-20171019-0002/
- https://www.suse.com/security/cve/CVE-2017-10379.html
CWEs
CWE-863
Verify integrity in audit chain (admin only). AS-IS.