Test ID:	1.3.6.1.4.1.25623.1.0.810773
Category:	Databases
Title:	Oracle MySQL Server Integer Overflow Vulnerability
Summary:	Oracle MySQL Server is prone to an integer overflow vulnerability.
Description:	Summary: Oracle MySQL Server is prone to an integer overflow vulnerability. Vulnerability Insight: Upon connection from a client, the server sends a greeting message and the client continues the communication by starting the authentication process. The authentication packet sent by the client contains a wealth of information including the client capabilities, username, password, etc. The packet is received by the server, and parsed by 'parse_client_handshake_packet()' function, in '/sql/auth/sql_authentication.cc'. Vulnerability Impact: Successful exploitation will allow remote attacker to cause a denial of service via a crafted authentication packet. Affected Software/OS: Oracle MySQL version 5.6.x branch up to 5.6.35 and 5.7.X branch up to 5.7.17. Solution: Upgrade to MySQL 5.6.36, 5.7.18 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3599 BugTraq ID: 97754 http://www.securityfocus.com/bid/97754 https://www.exploit-db.com/exploits/41954/ https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ RedHat Security Advisories: RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2787 RedHat Security Advisories: RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2017:2886 http://www.securitytracker.com/id/1038287
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.