Vulnerability Details : CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
Publish Date : 2017-01-27 Last Update Date : 2022-08-04

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	3.5
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	???
Gained Access	None
Vulnerability Type(s)
CWE ID	CWE id is not defined for this vulnerability

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2017:2192: mariadb security and bug fix update (Moderate)	oval:com.redhat.rhsa:def:20172192		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2017-3312

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Debian	Debian Linux	8.0	*	*	*	Version Details Vulnerabilities
2	Application	Mariadb	Mariadb	*	*	*	*	Version Details Vulnerabilities
3	Application	Oracle	Mysql	*	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Debian	Debian Linux	1
Mariadb	Mariadb	1
Oracle	Mysql	1

- References For CVE-2017-3312

https://access.redhat.com/errata/RHSA-2018:0574
REDHAT RHSA-2018:0574

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html CONFIRM

http://www.debian.org/security/2017/dsa-3770
DEBIAN DSA-3770

http://www.debian.org/security/2017/dsa-3767
DEBIAN DSA-3767

https://access.redhat.com/errata/RHSA-2017:2192
REDHAT RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787
REDHAT RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886
REDHAT RHSA-2017:2886

http://www.securitytracker.com/id/1037640
SECTRACK 1037640

https://access.redhat.com/errata/RHSA-2018:0279
REDHAT RHSA-2018:0279

https://security.gentoo.org/glsa/201702-17
GENTOO GLSA-201702-17

http://www.securityfocus.com/bid/95491
BID 95491 Oracle MySQL Server CVE-2017-3312 Local Security Vulnerability Release Date:2017-09-15

https://security.gentoo.org/glsa/201702-18
GENTOO GLSA-201702-18

- Metasploit Modules Related To CVE-2017-3312

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)