CVE-2017-3460 in MySQL Server

Summary

by MITRE

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


Analysis

by VulDB Data Team • 12/20/2020

CVE-2017-3460 resides in the MySQL Server component of Oracle MySQL, specifically in the Server: Audit Plug-in subcomponent. It affects MySQL 5.7.17 and earlier, which makes it a significant concern for database administrators and system operators. Because the flaw sits at a foundational layer of the database server, it can compromise the integrity and availability of critical data infrastructure. The affected version range means the issue was present in a substantial share of MySQL deployments during the period when it was actively exploited, which makes it especially concerning for organizations that maintain legacy database systems.

Technically, the flaw lies in the audit plugin of MySQL Server, the component that monitors and logs database activity for security and compliance purposes. A high privileged attacker with network access can exploit the weakness over multiple protocols, which shows how broad the attack surface for this flaw is. The plugin's design and implementation contain a weakness that can be leveraged to cause a complete denial of service condition: either a hang or a frequently repeatable crash of the MySQL Server process, which renders the database service unavailable to legitimate users and applications. The exploitability is rated as easily "exploitable", meaning that little effort or specialized knowledge is needed to compromise the target system.

From an operational perspective, the vulnerability is a severe availability threat that can completely disrupt database services and, with them, business operations. Successful exploitation gives the attacker the ability to cause a hang or a frequently repeatable crash of MySQL Server, which amounts to a complete denial of service. This directly violates the availability leg of the CIA triad and can lead to business disruption, data unavailability and financial loss. The CVSS 3.0 Base Score of 4.9 reflects a moderate to high impact, with the availability impact component rated at 8.0, meaning that the vulnerability primarily affects the availability of the database service. The attack vector is network accessible with low attack complexity and high privileges required: elevated access is needed, but the exploitation itself is straightforward.

The vulnerability aligns with CWE-119, "Improper Restriction of Operations within the Bounds of a Memory Buffer", and potentially relates to CWE-476, "NULL Pointer Dereference", since both kinds of flaw are common in audit and logging components. The attack pattern follows the MITRE ATT&CK framework's techniques for privilege escalation and defense evasion, as attackers leverage the audit plugin functionality to cause service disruption. Organizations should apply the relevant Oracle security patches immediately, segment the network to limit access to database servers, and monitor for unusual network activity that might indicate exploitation attempts. Patching should take priority, while firewall rules and access control lists restrict network access to database servers from unauthorized sources; because exploitation requires high privileges, it is also worth reviewing which accounts hold them. Finally, organizations should conduct comprehensive vulnerability assessments to find and remediate similar weaknesses in other database components, and ensure that audit logging is properly configured and monitored for anomalous behavior.
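As a practical first step toward the patching advice above, the following added example (not VulDB's or Oracle's code) triages a MySQL instance against the affected range the advisory states, "5.7.17 and earlier". It parses the string MySQL returns for SELECT VERSION(), which carries build suffixes such as "-log" or a distribution tag, and checks the rows of SHOW PLUGINS for an active audit plugin. The assumption that the audit plugin shows up in SHOW PLUGINS with "audit" in its name, and the sample rows, are constructed for the example and are not stated on the page.

```python
"""Affected-version triage for CVE-2017-3460 (added example, not from VulDB).

The advisory says MySQL Server 5.7.17 and earlier is affected, in the
Server: Audit Plug-in subcomponent. Read literally, any lower version
compares as affected too; that is how this helper treats it.
"""
import re

# Last affected release per the advisory wording "5.7.17 and earlier".
LAST_AFFECTED = (5, 7, 17)

# VERSION() returns e.g. "5.7.17-log" or "5.7.18-0ubuntu0.16.04.1";
# only the leading major.minor.patch triple matters for the range check.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from a VERSION() string; raise on garbage."""
    m = _VERSION_RE.match(version_string.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version_string):
    """True when the server reports 5.7.17 or any earlier version."""
    return parse_version(version_string) <= LAST_AFFECTED


def audit_plugin_rows(show_plugins_rows):
    """Names of ACTIVE plugins whose name contains 'audit'.

    Rows follow the SHOW PLUGINS column order (Name, Status, Type, Library,
    License). Matching on 'audit' in the name is an assumption of this example.
    """
    return [row[0] for row in show_plugins_rows
            if row[1].upper() == "ACTIVE" and "audit" in row[0].lower()]


def triage(version_string, show_plugins_rows):
    """Combine both checks into one finding a defender can act on."""
    affected = is_affected_version(version_string)
    plugins = audit_plugin_rows(show_plugins_rows)
    if affected and plugins:
        action = "patch: affected version with an active audit plugin"
    elif affected:
        action = "patch: affected version (no active audit plugin seen, update anyway)"
    else:
        action = "ok: version outside the stated affected range"
    return {"version": version_string, "affected": affected,
            "audit_plugins": plugins, "action": action}


# Constructed sample data for the example; not captured from a real server.
SAMPLE_VERSION = "5.7.17-log"
SAMPLE_PLUGINS = [
    ("InnoDB", "ACTIVE", "STORAGE ENGINE", None, "GPL"),
    ("audit_log", "ACTIVE", "AUDIT", "audit_log.so", "PROPRIETARY"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_PLUGINS))
```

Feed it the output of `SELECT VERSION();` and `SHOW PLUGINS;` from each instance in an inventory; an instance that is in range but has no audit plugin loaded still gets a "patch" verdict, because the version, not the plugin state, is what the advisory keys on.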

Reservation

12/06/2016

Disclosure

04/24/2017

Moderation

accepted

CPE

ready

EPSS

0.00470

KEV

no

Activities

very low
