Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0026
Multiple vulnerabilities have been identified in Oracle MySQL
17 January 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Oracle MySQL
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-2703 CVE-2018-2696 CVE-2018-2668
CVE-2018-2667 CVE-2018-2665 CVE-2018-2647
CVE-2018-2646 CVE-2018-2645 CVE-2018-2640
CVE-2018-2622 CVE-2018-2612 CVE-2018-2600
CVE-2018-2591 CVE-2018-2590 CVE-2018-2586
CVE-2018-2585 CVE-2018-2583 CVE-2018-2576
CVE-2018-2573 CVE-2018-2565 CVE-2018-2562
CVE-2017-12617 CVE-2017-3737 CVE-2017-3736
Member content until: Friday, February 16 2018
Reference: ASB-2018.0017
ASB-2018.0013
ESB-2018.0174
ESB-2018.0158
ASB-2017.0218
ASB-2017.0209
ASB-2017.0202
ESB-2017.2487
OVERVIEW
Multiple vulnerabilities have been identified in
MySQL Connectors, versions 5.3.9 and prior, 6.9.9 and
prior, 6.10.4 and prior
MySQL Enterprise Monitor, versions 3.3.6.3293 and prior,
3.4.4.4226 and prior, 4.0.0.5135 and prior
MySQL Server, versions 5.5.58 and prior, 5.6.38 and
prior, 5.7.20 and prior
[1]
IMPACT
The vendor has provided the following information regarding
the vulnerabilities:
"This Critical Patch Update contains 25 new security fixes
for Oracle MySQL. 6 of these vulnerabilities may be
remotely exploitable without authentication, i.e., may be
exploited over a network without requiring user
credentials." [1]
"CVE-2017-12617
8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Difficult to exploit vulnerability allows unauthenticated
attacker with network access via HTTP to compromise WLM
(Apache Tomcat). Successful attacks of this vulnerability
can result in takeover of WLM (Apache Tomcat).
CVE-2018-2585
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 6.9.9 and prior and
6.10.4 and prior. Easily exploitable vulnerability allows
unauthenticated attacker with network access via multiple
protocols to compromise MySQL Connectors. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Connectors.
CVE-2018-2696
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows unauthenticated attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-2562
7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.19 and prior. Easily exploitable
vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of
MySQL Server accessible data.
CVE-2018-2583
6.8
AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. While the
vulnerability is in MySQL Server, attacks may significantly
impact additional products. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2612
6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
creation, deletion or modification access to critical data
or all MySQL Server accessible data and unauthorized ability
to cause a hang or frequently repeatable crash (complete
DOS) of MySQL Server.
CVE-2018-2703
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-2622
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.
CVE-2018-2573
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-2640
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.
CVE-2018-2665
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.
CVE-2018-2668
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.5.58 and prior,
5.6.38 and prior and 5.7.20 and prior. Easily exploitable
vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Server.
CVE-2017-3736
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
The supported version that is affected is 12.1.3. Difficult
to exploit vulnerability allows unauthenticated attacker
with network access via HTTPS to compromise Application
Server. Successful attacks of this vulnerability can result
in unauthorized access to critical data or complete access
to all Application Server accessible data.
CVE-2017-3736
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
The supported version that is affected is 12.1.3. Difficult
to exploit vulnerability allows unauthenticated attacker
with network access via HTTPS to compromise Application
Server. Successful attacks of this vulnerability can result
in unauthorized access to critical data or complete access
to all Application Server accessible data.
CVE-2017-3737
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MySQL
Server accessible data.
CVE-2018-2647
5.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server as well as unauthorized
update, insert or delete access to some of MySQL Server
accessible data.
CVE-2018-2591
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.19 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-2576
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2586
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2646
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2565
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2600
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2667
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.7.20 and prior.
Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of MySQL
Server.
CVE-2018-2590
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.
CVE-2018-2645
4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Supported versions that are affected are 5.6.38 and prior
and 5.7.20 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all MySQL
Server accessible data." [2]
MITIGATION
Oracle states:
"Due to the threat posed by a successful attack, Oracle
strongly recommends that customers apply CPU fixes as soon
as possible. Until you apply the CPU fixes, it may be
possible to reduce the risk of successful attack by blocking
network protocols required by an attack. For attacks that
require certain privileges or access to certain packages,
removing the privileges or the ability to access the
packages from users that do not need the privileges may help
reduce the risk of successful attack. Both approaches may
break application functionality, so Oracle strongly
recommends that customers test changes on non-production
systems. Neither approach should be considered a long-term
solution as neither corrects the underlying problem." [1]
REFERENCES
[1] Oracle Critical Patch Update Advisory - January 2018
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
[2] Text Form of Oracle Critical Patch Update - January 2018 Risk
Matrices
http://www.oracle.com/technetwork/security-advisory/cpujan2018verbose-3236630.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWl7nzox+lLeg9Ub1AQjxyw//UGAyoTgoj8H7p89wx2wIUiXE6ELfhdvp
3cnJpiXPdmtU6sSQ0DiuO0kvxCM8bjyIDwE/+nyxR3pAxv6zq0OMV/4apGZz7tGN
QqpodRj1rog3jLITzRKtl1StLyvwhNWf25ZG5Y4bVniq8T3xd/hwcXVuy0peylSL
wb0+lYTLfPyrPL/z3ZrgSkF673vmIGAS1Z950PLIjaxuNF89caWBe2s3ID/cMxiX
7ozQtBtDb42grIkM39pwpd73SmBpEFaLa47feceya7d7P/xg+3dOqvtx9N9ARB/j
Y7jDRDmyOF/wF7YZK77TsWrD/o+RzETUAitzqNmQSyBMMsCFLOZdc70+JOmAAAZH
H9Vh1NjMHe1a7AzvlOV63xWdLpe+3OWB6JRNr/FXPtpg9Qh8piYOI/FYimJdANpU
z4lEVT2vQq+QjUGWKfqkWt6Ln700rJgM/Bpb5Xts83To9rVcf240tEkyLQS83XTa
lcjf69PYLeQVaPnVk4Lwe3TFxMLC/X2BfNGRRRvqKhBvkKczAc8OtOsUuuSFdbwZ
0hDIvx1psKP2tC2KkCzzgOecAmAdfK1qOjp09yr+vc+j7qexEAtec+Wx7wQ8kALT
SlqbQjE8qY3M65oGCQsCBeeRT6/WOZAZqX2BD4f37fQxz8mFwDhiA7uPXNjZ1ojZ
djmBI28EDx8=
=dWZd
-----END PGP SIGNATURE-----