CVE-2017-3653 — LOW (3.1) — White Hats Nepal

Q: How severe is CVE-2017-3653?

CVE-2017-3653 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-3653?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Debian Debian Linux, Redhat Openstack, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Mysql	>= 5.5.0, <= 5.5.56
Debian	Debian Linux	8.0
Redhat	Openstack	12
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.5
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0
Mariadb	Mariadb	>= 5.5.0, < 5.5.57

References

http://www.debian.org/security/2017/dsa-3922Third Party Advisory
http://www.debian.org/security/2017/dsa-3944Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/99810Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038928Broken LinkThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2787PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2017:2886PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:0279PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:0574PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:2439PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2018:2729Third Party Advisory
https://www.debian.org/security/2017/dsa-3955Third Party Advisory
http://www.debian.org/security/2017/dsa-3922Third Party Advisory
http://www.debian.org/security/2017/dsa-3944Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatchVendor Advisory

FAQ

What is CVE-2017-3653?

CVE-2017-3653 is a vulnerability with a CVSS score of 3.1 (LOW). Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficu...

How severe is CVE-2017-3653?

CVE-2017-3653 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3653?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Debian Debian Linux, Redhat Openstack, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.