exploitDog

BDU:2020-01523

Published: 23 Jul 2019
Source: fstec
CVSS3: 5.5
CVSS2: 7.5
EPSS: Low

Description

A vulnerability in the InnoDB component of the MySQL database management system is related to access control flaws. Exploiting the vulnerability may allow a remote attacker to modify data or cause a denial of service using specially crafted network packets.

Vendor

Canonical Ltd.
Novell Inc.
Fedora Project
Red Hat Inc.
Oracle Corp.

Software name

Ubuntu
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Server for SAP Applications
SUSE OpenStack Cloud
SUSE Linux Enterprise Module for Open Buildservice Development Tools
Suse Linux Enterprise Server
Fedora
Red Hat Enterprise Linux
OpenSUSE Leap
SUSE Linux Enterprise Module for Server Applications
MySQL
HPE Helion Openstack

Software version

16.04 LTS (Ubuntu)
18.04 LTS (Ubuntu)
12 SP4 (Suse Linux Enterprise Desktop)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
7 (SUSE OpenStack Cloud)
15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
12 SP4 (Suse Linux Enterprise Server)
29 (Fedora)
19.04 (Ubuntu)
8 (Red Hat Enterprise Linux)
15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools)
15.1 (OpenSUSE Leap)
30 (Fedora)
15 SP1 (SUSE Linux Enterprise Module for Server Applications)
15 (SUSE Linux Enterprise Module for Server Applications)
8 (SUSE OpenStack Cloud)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
Crowbar 8 (SUSE OpenStack Cloud)
from 5.7.0 to 5.7.26 inclusive (MySQL)
from 8.0.0 to 8.0.16 inclusive (MySQL)
8 (HPE Helion Openstack)
9 (SUSE OpenStack Cloud)
Crowbar 9 (SUSE OpenStack Cloud)

Software type

Operating system
Application software for information systems
DBMS

Operating systems and hardware platforms

Canonical Ltd. Ubuntu 16.04 LTS
Canonical Ltd. Ubuntu 18.04 LTS
Fedora Project Fedora 29
Canonical Ltd. Ubuntu 19.04
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. OpenSUSE Leap 15.1
Fedora Project Fedora 30

Vulnerability severity level

High severity (CVSS 2.0 base score is 7.5)
Medium severity (CVSS 3.0 base score is 5.5)

Possible remediation measures

Apply the vendor recommendations:
For Oracle Corp. software products:
https://www.oracle.com/security-alerts/cpujul2019.html
For Novell Inc. software products:
https://www.suse.com/es-es/security/cve/CVE-2019-2758/
For Red Hat Inc. software products:
https://access.redhat.com/errata/RHSA-2019:2511
https://access.redhat.com/errata/RHSA-2019:3708
For Ubuntu:
https://usn.ubuntu.com/4070-1/
https://usn.ubuntu.com/4070-3/
For Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 36%
0.00144
Low

5.5 Medium

CVSS3

7.5 High

CVSS2

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 6 years ago

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS3: 5.5
redhat
almost 6 years ago

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS3: 5.5
nvd
almost 6 years ago

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS3: 5.5
debian
almost 6 years ago

Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...

CVSS3: 5.5
github
about 3 years ago

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
