MariaDB 5.5 < 5.5.35 Multiple Vulnerabilities

medium Nessus Plugin ID 72374

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of MariaDB 5.5 running on the remote host is a version prior to 5.5.35. It is, therefore, potentially affected by the following vulnerabilities :

- Errors exist related to the following subcomponents :
Error Handling, FTS, GIS, InnoDB, Locking, Optimizer, Partition, Performance Schema, Privileges, Replication, and Thread Pooling. (CVE-2013-5860, CVE-2013-5881, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437)

- An unspecified error exists related to stored procedures handling that could allow denial of service attacks. (CVE-2013-5882)

- An error exists in the file 'client/mysql.cc' that could allow a buffer overflow leading to denial of service or possibly arbitrary code execution.
(CVE-2014-0001)

Solution

Upgrade to MariaDB 5.5.35 or later.

See Also

https://mariadb.com/kb/en/library/mariadb-5535-changelog/

https://mariadb.atlassian.net/browse/MDEV-4974

https://mariadb.atlassian.net/browse/MDEV-5353

https://mariadb.atlassian.net/browse/MDEV-5356

https://mariadb.atlassian.net/browse/MDEV-5396

https://mariadb.atlassian.net/browse/MDEV-5405

https://mariadb.atlassian.net/browse/MDEV-5406

https://mariadb.atlassian.net/browse/MDEV-5453

https://mariadb.atlassian.net/browse/MDEV-5458

https://mariadb.atlassian.net/browse/MDEV-5461

https://mariadb.atlassian.net/browse/MDEV-5504

Plugin Details

Severity: Medium

ID: 72374

File Name: mariadb_5_5_35.nasl

Version: 1.12

Type: remote

Family: Databases

Published: 2/6/2014

Updated: 11/18/2022

Configuration: Enable paranoid mode

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2014-0412

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 1/29/2014

Vulnerability Publication Date: 1/14/2014

Reference Information

CVE: CVE-2013-5908, CVE-2014-0401, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437

BID: 64849, 64854, 64864, 64868, 64873, 64877, 64880, 64885, 64888, 64891, 64893, 64895, 64896, 64897, 64898, 64904, 64908, 65298, 65312