CVE-2017-3600
Published: 24 April 2017
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Priority
Medium
CVSS 3 base score: 6.6
Status
| Package | Release | Status |
|---|---|---|
|
mariadb-10.0 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(10.0.28)
|
|
| xenial |
Not vulnerable
(10.0.36-0ubuntu0.16.04.1)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Does not exist
|
|
|
mariadb-10.1 Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(1:10.1.34-0ubuntu0.18.04.1)
|
|
| cosmic |
Not vulnerable
(1:10.1.29-6ubuntu2)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(10.1.19)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
mariadb-5.5 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was released [5.5.53-1ubuntu0.14.04.1])
|
|
| upstream |
Released
(5.5.53)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
mysql-5.5 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Released
(5.5.57-0ubuntu0.12.04.1)
|
|
| trusty |
Released
(5.5.55-0ubuntu0.14.04.1)
|
|
| upstream |
Released
(5.5.55)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
mysql-5.6 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(5.6.36)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
mysql-5.7 Launchpad, Ubuntu, Debian |
artful |
Released
(5.7.18-0ubuntu1)
|
| bionic |
Released
(5.7.18-0ubuntu1)
|
|
| cosmic |
Released
(5.7.18-0ubuntu1)
|
|
| disco |
Released
(5.7.18-0ubuntu1)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.7.18)
|
|
| xenial |
Released
(5.7.18-0ubuntu0.16.04.1)
|
|
| yakkety |
Released
(5.7.18-0ubuntu0.16.10.1)
|
|
| zesty |
Released
(5.7.18-0ubuntu0.17.04.1)
|
|
|
mysql-8.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
percona-server-5.6 Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
|
|
percona-xtradb-cluster-5.5 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
percona-xtradb-cluster-5.6 Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | same as CVE-2016-5483 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3600
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- https://ubuntu.com/security/notices/USN-3269-1
- https://ubuntu.com/security/notices/USN-3357-2
- NVD
- Launchpad
- Debian