Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM85463F72568A9A664F3B07C334B1220E306A04416D6A0CB8085A64096CFDF514
HistoryJun 18, 2018 - 1:38 a.m.

Security Bulletin: Vulnerabilities in MariaDB affect PowerKVM

2018-06-1801:38:06
www.ibm.com
32

EPSS

0.118

Percentile

95.4%

JSON

Summary

PowerKVM is affected by vulnerabilities in MariaDB. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-3600**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Client mysqldump component could allow an authenticated attacker to take control of the system.
CVSS Base Score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124973 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-3464**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: DDL component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124844 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-3456**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124836 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3453**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124833 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3318**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Error Handling component could allow a local attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120896 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-3317**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Logging component could allow a local attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120895 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3313**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: MyISAM component could allow a local attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120892 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-3312**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Packaging component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-3309**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124824 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID: CVE-2017-3308**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124823 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID: CVE-2017-3302**
DESCRIPTION:** Multiple Oracle products are vulnerable to a denial of service, caused by a use-after-free vulnerability in the libmysqlclient.so. An attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122004 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3291**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Packaging component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-3265**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Packaging component has high confidentiality impact, no integrity impact, and high availability impact.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H)

CVEID: CVE-2017-3258**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120883 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3244**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3243**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Charsets component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120893 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3238**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120887 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6664**
DESCRIPTION:** Oracle MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the creation of error log file by the mysqld_safe script. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119181 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-5617**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Error Handling component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118098 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 10.

Workarounds and Mitigations

none

Related

fedora 9
openvas 47
nessus 70
centos 1
redhat 4
suse 14
debian 12
osv 7
oraclelinux 1
gentoo 2
mageia 2
slackware 3
amazon 4
altlinux 1
ubuntu 3
freebsd 1
redhatcve 2
f5 5
prion 1
nvd 1
cve 1
ubuntucve 1
threatpost 1
seebug 1
packetstorm 1
exploitpack 1
cvelist 1
alpinelinux 1
veracode 1
fedora
fedora
[SECURITY] Fedora 24 Update: mariadb-10.1.24-3.fc24
2017-06-16 17:51:10
[SECURITY] Fedora 26 Update: mariadb-10.1.24-3.fc26
2017-06-16 13:24:35
[SECURITY] Fedora 25 Update: mariadb-10.1.24-3.fc25
2017-06-16 18:53:40
openvas
openvas
RedHat Update for mariadb RHSA-2017:2192-01
2017-08-04 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1170)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2017-1169)
2020-01-23 00:00:00
nessus
nessus
CentOS 7 : mariadb (CESA-2017:2192)
2017-08-25 00:00:00
RHEL 7 : mariadb (RHSA-2017:2192)
2017-08-03 00:00:00
Oracle Linux 7 : mariadb (ELSA-2017-2192)
2017-08-09 00:00:00
centos
centos
mariadb security update
2017-08-24 01:39:47
redhat
redhat
(RHSA-2017:2192) Moderate: mariadb security and bug fix update
2017-08-01 05:58:44
(RHSA-2018:0279) Moderate: rh-mariadb100-mariadb security update
2018-02-06 10:37:36
(RHSA-2018:0574) Moderate: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update
2018-03-21 13:36:47
suse
suse
Security update for mysql (important)
2017-02-07 00:07:36
Security update for mariadb (important)
2017-02-07 18:08:59
Security update for mariadb (important)
2017-02-17 04:16:24
debian
debian
[SECURITY] [DSA 3767-1] mysql-5.5 security update
2017-01-19 20:31:53
[SECURITY] [DSA 3767-1] mysql-5.5 security update
2017-01-19 20:31:53
[SECURITY] [DLA 797-1] mysql-5.5 security update
2017-01-25 01:53:37
osv
osv
mysql-5.5 - security update
2017-01-25 00:00:00
mysql-5.5 - security update
2017-01-19 00:00:00
mariadb-10.0 - security update
2017-01-22 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2017-08-07 00:00:00
gentoo
gentoo
MariaDB: Multiple vulnerabilities
2017-02-20 00:00:00
MySQL: Multiple vulnerabilities
2017-02-20 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerability
2017-02-20 16:00:19
Updated mariadb packages fix security vulnerability
2017-03-31 09:14:39
slackware
slackware
[slackware-security] mariadb
2017-01-18 20:40:17
[slackware-security] mariadb
2017-07-14 22:13:14
[slackware-security] mariadb
2017-03-28 20:35:48
amazon
amazon
Medium: mysql55
2017-01-26 18:00:00
Medium: mysql56
2017-01-26 18:00:00
Medium: mysql55
2017-05-19 00:27:00
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.23-alt1
2017-05-05 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2017-01-19 00:00:00
MySQL vulnerabilities
2017-07-24 00:00:00
MySQL vulnerabilities
2017-04-27 00:00:00
freebsd
freebsd
mysql -- multiple vulnerabilities
2017-01-18 00:00:00
redhatcve
redhatcve
CVE-2017-3312
2019-10-10 10:23:00
CVE-2016-6664
2016-11-03 22:17:38
f5
f5
K38624343 : MySQL vulnerabilities CVE-2017-3308, CVE-2017-3456, CVE-2017-3464, and CVE-2020-2780
2022-01-18 00:00:00
K92071148 : Server component of Oracle MySQL vulnerabilities CVE-2016-8318, CVE-2017-3291, CVE-2017-3312, CVE-2017-3313, and CVE-2017-3320
2017-04-11 00:00:00
K98750200 : Server component of Oracle MySQL vulnerabilities CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3265, and CVE-2017-3273
2017-04-11 00:00:00
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
nvd
nvd
CVE-2016-5617
2016-10-25 14:31:31
cve
cve
CVE-2016-5617
2016-10-25 14:31:31
ubuntucve
ubuntucve
CVE-2016-6664
2016-12-13 00:00:00
threatpost
threatpost
Critical MySQL Vulnerabilities Can Lead to Server Compromise
2016-11-02 14:02:10
seebug
seebug
MySQL / MariaDB / PerconaDB elevation of privilege vulnerability, CVE-2016-6664)
2016-11-02 00:00:00
packetstorm
packetstorm
MySQL / MariaDB / PerconaDB Root Privilege Escalation
2016-11-02 00:00:00
exploitpack
exploitpack
MySQL MariaDB PerconaDB 5.5.x5.6.x5.7.x - root System User Privilege Escalation
2016-11-01 00:00:00
cvelist
cvelist
CVE-2016-5617
2016-10-25 14:00:00
alpinelinux
alpinelinux
CVE-2016-6664
2016-12-13 21:59:01
veracode
veracode
Privilege Escalation
2019-01-15 09:21:18

EPSS

0.118

Percentile

95.4%

JSON
Related for 85463F72568A9A664F3B07C334B1220E306A04416D6A0CB8085A64096CFDF514
fedora9openvas47nessus70centos1redhat4suse14debian12osv7oraclelinux1gentoo2mageia2slackware3amazon4altlinux1ubuntu3freebsd1redhatcve2f55prion1nvd1cve1ubuntucve1threatpost1seebug1packetstorm1exploitpack1cvelist1alpinelinux1veracode1