Detections
Analytics

MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities

medium Nessus Plugin ID 72373

Language:

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.32. It is, therefore, potentially affected by the following vulnerabilities :

 - Errors exist related to the following subcomponents :
 Audit Log, Data Manipulation Language, Full Text Search, GIS, Server Optimizer, Server Parser and Server Replication. (CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812)

 - Errors exist in the files 'sql/item_func.cc', 'sql/item_sum.cc', 'sql/item_timefunc.cc', 'sql/opt_range.cc', 'sql/sql_derived.cc', 'sql/sql_insert.cc', 'sql/sql_select.cc', 'sql/sql_table.cc', 'sql/table.cc' and 'storage/innobase/mem/mem0mem.c' that could allow denial of service attacks.

 - Errors exist in the functions or methods 'CONVERT_TZ Item_func_min_max::get_date', 'my_decimal2decimal', 'setup_ref_array' and 'st_select_lex::nest_last_join' that could allow denial of service attacks.

 - A buffer overflow error exists in the file 'sql/opt_range.cc' in the function 'QUICK_GROUP_MIN_MAX_SELECT::next_min' that could allow denial of service attacks and possibly arbitrary code execution

 - An unspecified issue exists in the file 'dbug/dbug.c' in the macro 'str_to_buf' that has an unspecified impact.

Solution

Upgrade to MariaDB version 5.5.32 or later.

See Also

https://mariadb.com/kb/en/library/mariadb-5532-changelog/

Plugin Details

Severity: Medium

ID: 72373

File Name: mariadb_5_5_32.nasl

Version: 1.12

Type: remote

Family: Databases

Published: 2/6/2014

Updated: 11/18/2022

Configuration: Enable paranoid mode

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2013-3809

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2016-0502

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2013

Vulnerability Publication Date: 5/21/2013

Reference Information

CVE: CVE-2013-1861, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812, CVE-2016-0502

BID: 58511, 61210, 61244, 61249, 61260, 61264, 61272, 62085