Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:MYSQL:AUTH-INT-OF

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle MySQL sql_authentication Integer Overflow

Release Date

 2017/05/09

Update Number

 2887

Supported Platforms

 idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle MySQL sql_authentication Integer Overflow


This signature detects attempts to exploit a known vulnerability in Oracle MySQL. Successful exploitation could result in denial of service conditions on the target system.

Extended Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.

Affected Products

  • Oracle mysql 5.6.0
  • Oracle mysql 5.6.1
  • Oracle mysql 5.6.10
  • Oracle mysql 5.6.11
  • Oracle mysql 5.6.12
  • Oracle mysql 5.6.13
  • Oracle mysql 5.6.14
  • Oracle mysql 5.6.15
  • Oracle mysql 5.6.16
  • Oracle mysql 5.6.17
  • Oracle mysql 5.6.18
  • Oracle mysql 5.6.19
  • Oracle mysql 5.6.2
  • Oracle mysql 5.6.20
  • Oracle mysql 5.6.21
  • Oracle mysql 5.6.22
  • Oracle mysql 5.6.23
  • Oracle mysql 5.6.24
  • Oracle mysql 5.6.25
  • Oracle mysql 5.6.26
  • Oracle mysql 5.6.27
  • Oracle mysql 5.6.28
  • Oracle mysql 5.6.29
  • Oracle mysql 5.6.3
  • Oracle mysql 5.6.30
  • Oracle mysql 5.6.31
  • Oracle mysql 5.6.32
  • Oracle mysql 5.6.33
  • Oracle mysql 5.6.34
  • Oracle mysql 5.6.35
  • Oracle mysql 5.6.4
  • Oracle mysql 5.6.5
  • Oracle mysql 5.6.6
  • Oracle mysql 5.6.7
  • Oracle mysql 5.6.8
  • Oracle mysql 5.6.9
  • Oracle mysql 5.7.0
  • Oracle mysql 5.7.1
  • Oracle mysql 5.7.10
  • Oracle mysql 5.7.11
  • Oracle mysql 5.7.12
  • Oracle mysql 5.7.13
  • Oracle mysql 5.7.14
  • Oracle mysql 5.7.15
  • Oracle mysql 5.7.16
  • Oracle mysql 5.7.17
  • Oracle mysql 5.7.2
  • Oracle mysql 5.7.3
  • Oracle mysql 5.7.4
  • Oracle mysql 5.7.5
  • Oracle mysql 5.7.6
  • Oracle mysql 5.7.7
  • Oracle mysql 5.7.8
  • Oracle mysql 5.7.9

References

  • BugTraq: 97754
  • CVE: CVE-2017-3599

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out