Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

High

Attack Vector

Local

0

CVE-2017-3265

Disclosure Date: January 27, 2017 •

CVE-2017-3265 CVSS v3 Base Score: 5.6

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.6 Medium

Impact Score:

5.2

Exploitability Score:

0.3

Vector:

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

High

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

High

Vendors

debian,
mariadb,
oracle,
redhat

Products

debian linux 8.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 7.0,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 7.0,
mariadb,
mysql

References

Canonical

CVE-2017-3265 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3265)

BID-95520 (http://www.securityfocus.com/bid/95520)

Advisory

https://access.redhat.com/errata/RHSA-2017:2787

GLSA-201702-17 (https://security.gentoo.org/glsa/201702-17)

https://access.redhat.com/errata/RHSA-2018:0574

GLSA-201702-18 (https://security.gentoo.org/glsa/201702-18)

SECTRACK-1037640 (http://www.securitytracker.com/id/1037640)

https://access.redhat.com/errata/RHSA-2018:0279

DSA-3767 (http://www.debian.org/security/2017/dsa-3767)

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

DSA-3770 (http://www.debian.org/security/2017/dsa-3770)

https://access.redhat.com/errata/RHSA-2017:2192

Rapid7

Technical Analysis