Detections
Analytics
MariaDB 10.1.x < 10.1.13 Multiple Vulnerabilities
high Nessus Plugin ID 93739
Language:
Synopsis
The remote database server is affected by multiple vulnerabilities.Description
The version of MariaDB running on the remote host is 10.1.x prior to 10.1.13. It is, therefore, affected by multiple vulnerabilities :- An overflow condition exists in the extension_based_table_discovery() function in discover.cc due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
- A flaw exists in the Item::basic_const_item() function that is triggered when handling nested NULLIF statements. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- A flaw exists in the Item::cache_const_expr_analyzer() function in item.cc that is triggered during the handling of caches. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- A flaw exists in the Item_sum_field::get_tmp_table_field() function in item_sum.h that is triggered during the handling of temporary tables. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- A flaw exists that is triggered during the handling of a specially crafted QT_ITEM_FUNC_NULLIF_TO_CASE NULLIF statement. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- A flaw exists in the Item::save_in_field() function that is triggered during the handling of date values. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.
- A flaw exists in the mariadb_dyncol_unpack() function in ma_dyncol.c due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to MariaDB version 10.1.13 or later.See Also
https://mariadb.org/mariadb-10-1-13-connectorj-1-3-7-now-available/
https://mariadb.com/kb/en/library/mariadb-10113-changelog/
https://mariadb.com/kb/en/library/mariadb-10113-release-notes/
Plugin Details
Severity: High
ID: 93739
File Name: mariadb_10_1_13.nasl
Version: 1.9
Type: remote
Family: Databases
Published: 9/27/2016
Updated: 1/2/2019
Configuration: Enable paranoid mode
Supported Sensors: Frictionless Assessment Agent, Nessus
Vulnerability Information
CPE: cpe:/a:mariadb:mariadb
Required KB Items: Settings/ParanoidReport
Patch Publication Date: 3/25/2016
Vulnerability Publication Date: 2/21/2016