CVE-2017-3455

Metadata

medium
5.5
mysql-5.7, mariadb-5.5, mariadb-10.0, mariadb-10.1, percona-xtradb-cluster-5.5, percona-xtradb-cluster-5.6, percona-server-5.6, mysql-5.5, mysql-5.6
CVE-2017-3455
cve.mitre.org, oracle.com, ubuntu.com, bugs.debian.org
2017-04-24
2017-10-23 14:20
CVE-2017-3455 mysql-5.7
CVE-2017-3455 mysql-5.5
2017-07-20 21:32
2017-06-16 19:22
2017-06-15 02:33
2017-05-30 14:03
2017-05-10 23:50
2017-04-27 16:09
2017-04-27 01:04
2017-04-25 15:04
2017-04-20 05:06

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful mariadb-10.1 None
mysql-5.7 5.7.18-0ubuntu1
percona-server-5.6 None
percona-xtradb-cluster-5.6 None
devel mariadb-10.1 None
mysql-5.7 5.7.18-0ubuntu1
percona-server-5.6 None
percona-xtradb-cluster-5.6 None
trusty mariadb-5.5 None
percona-xtradb-cluster-5.5 None
upstream mysql-5.7 5.7.18
xenial mariadb-10.0 None
mysql-5.7 5.7.18-0ubuntu0.16.04.1
percona-server-5.6 None
percona-xtradb-cluster-5.6 None
yakkety mysql-5.7 5.7.18-0ubuntu0.16.10.1
zesty mariadb-10.1 None
mysql-5.7 5.7.18-0ubuntu0.17.04.1
percona-server-5.6 None
percona-xtradb-cluster-5.6 None

Unaffected

Release Package Reason
precise mysql-5.7 DNE
mysql-5.5 not-affected
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
percona-xtradb-cluster-5.6 DNE
percona-server-5.6 DNE
precise/esm mysql-5.7 DNE
mysql-5.5 not-affected
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
percona-xtradb-cluster-5.6 DNE
percona-server-5.6 DNE
trusty mysql-5.7 DNE
mysql-5.5 not-affected
mysql-5.6 not-affected
mariadb-10.0 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.6 DNE
percona-server-5.6 DNE
vivid/stable-phone-overlay mysql-5.7 DNE
mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
percona-xtradb-cluster-5.6 DNE
percona-server-5.6 DNE
vivid/ubuntu-core mysql-5.7 DNE
mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
percona-xtradb-cluster-5.6 DNE
percona-server-5.6 DNE
upstream mysql-5.5 not-affected
mysql-5.6 not-affected
xenial mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
yakkety mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 ignored
mariadb-10.1 DNE
percona-xtradb-cluster-5.5 DNE
percona-xtradb-cluster-5.6 ignored
percona-server-5.6 ignored
zesty mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
percona-xtradb-cluster-5.5 DNE
artful mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
percona-xtradb-cluster-5.5 DNE
devel mysql-5.5 DNE
mysql-5.6 DNE
mariadb-5.5 DNE
mariadb-10.0 DNE
percona-xtradb-cluster-5.5 DNE

Needs Triage

Release Package Reason
upstream mariadb-5.5 needs-triage
mariadb-10.0 needs-triage
mariadb-10.1 needs-triage
percona-xtradb-cluster-5.5 needs-triage
percona-xtradb-cluster-5.6 needs-triage
percona-server-5.6 needs-triage