Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0026 Multiple vulnerabilities have been identified in Oracle MySQL 17 January 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle MySQL Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Modify Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-2703 CVE-2018-2696 CVE-2018-2668 CVE-2018-2667 CVE-2018-2665 CVE-2018-2647 CVE-2018-2646 CVE-2018-2645 CVE-2018-2640 CVE-2018-2622 CVE-2018-2612 CVE-2018-2600 CVE-2018-2591 CVE-2018-2590 CVE-2018-2586 CVE-2018-2585 CVE-2018-2583 CVE-2018-2576 CVE-2018-2573 CVE-2018-2565 CVE-2018-2562 CVE-2017-12617 CVE-2017-3737 CVE-2017-3736 Member content until: Friday, February 16 2018 Reference: ASB-2018.0017 ASB-2018.0013 ESB-2018.0174 ESB-2018.0158 ASB-2017.0218 ASB-2017.0209 ASB-2017.0202 ESB-2017.2487 OVERVIEW Multiple vulnerabilities have been identified in MySQL Connectors, versions 5.3.9 and prior, 6.9.9 and prior, 6.10.4 and prior MySQL Enterprise Monitor, versions 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior MySQL Server, versions 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior [1] IMPACT The vendor has provided the following information regarding the vulnerabilities: "This Critical Patch Update contains 25 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials." [1] "CVE-2017-12617 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WLM (Apache Tomcat). Successful attacks of this vulnerability can result in takeover of WLM (Apache Tomcat). CVE-2018-2585 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVE-2018-2696 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2562 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVE-2018-2583 6.8 AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2612 6.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2703 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2622 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2573 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2640 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2665 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2668 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2017-3736 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N The supported version that is affected is 12.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Application Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Application Server accessible data. CVE-2017-3736 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N The supported version that is affected is 12.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Application Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Application Server accessible data. CVE-2017-3737 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVE-2018-2647 5.5 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVE-2018-2591 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2576 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2586 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2646 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2565 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2600 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2667 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2590 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE-2018-2645 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." [2] MITIGATION Oracle states: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem." [1] REFERENCES [1] Oracle Critical Patch Update Advisory - January 2018 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html [2] Text Form of Oracle Critical Patch Update - January 2018 Risk Matrices http://www.oracle.com/technetwork/security-advisory/cpujan2018verbose-3236630.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWl7nzox+lLeg9Ub1AQjxyw//UGAyoTgoj8H7p89wx2wIUiXE6ELfhdvp 3cnJpiXPdmtU6sSQ0DiuO0kvxCM8bjyIDwE/+nyxR3pAxv6zq0OMV/4apGZz7tGN QqpodRj1rog3jLITzRKtl1StLyvwhNWf25ZG5Y4bVniq8T3xd/hwcXVuy0peylSL wb0+lYTLfPyrPL/z3ZrgSkF673vmIGAS1Z950PLIjaxuNF89caWBe2s3ID/cMxiX 7ozQtBtDb42grIkM39pwpd73SmBpEFaLa47feceya7d7P/xg+3dOqvtx9N9ARB/j Y7jDRDmyOF/wF7YZK77TsWrD/o+RzETUAitzqNmQSyBMMsCFLOZdc70+JOmAAAZH H9Vh1NjMHe1a7AzvlOV63xWdLpe+3OWB6JRNr/FXPtpg9Qh8piYOI/FYimJdANpU z4lEVT2vQq+QjUGWKfqkWt6Ln700rJgM/Bpb5Xts83To9rVcf240tEkyLQS83XTa lcjf69PYLeQVaPnVk4Lwe3TFxMLC/X2BfNGRRRvqKhBvkKczAc8OtOsUuuSFdbwZ 0hDIvx1psKP2tC2KkCzzgOecAmAdfK1qOjp09yr+vc+j7qexEAtec+Wx7wQ8kALT SlqbQjE8qY3M65oGCQsCBeeRT6/WOZAZqX2BD4f37fQxz8mFwDhiA7uPXNjZ1ojZ djmBI28EDx8= =dWZd -----END PGP SIGNATURE-----