MariaDB Server 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities

medium Nessus Network Monitor Plugin ID 8132

Synopsis

The remote database server is affected by multiple denial of service vulnerabilities.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.36, and is therefore likely to contain the following denial of service vulnerabilities:

- null-pointer dereference error when handling a specially crafted SELECT statement with subqueries (though this requires 'materialization' and 'semijoin' optimizer switches to be on).

- DoS vulnerability when handling KILL QUERY statements with certain concurrent SQL queries.

- DoS vulnerability when parsing specially crafted NAME_CONST expression containing AND/OR expressions.

- DoS vulnerability due to assertion failure when parsing specially crafted SELECT expression containing an invalid GROUP BY value.

- DoS vulnerability when handling specially crafted SELECT expression with JOIN phrases (though, successful exploitation requires 'sql_mode' setting to be set to 'ONLY_FULL_GROUP_BY').

- DoS vulnerability when handling concurrent UPDATE statements.

- Other attacks may be possible.

Solution

Upgrade to version 5.5.36, or higher, to address these vulnerabilities.

See Also

https://mariadb.com/kb/en/mariadb-5536-release-notes

https://mariadb.com/kb/en/mariadb-5536-changelog

https://mariadb.atlassian.net/browse/MDEV-5581

https://mariadb.atlassian.net/browse/MDEV-714

https://mariadb.atlassian.net/browse/MDEV-5655

https://mariadb.atlassian.net/browse/MDEV-5505

https://mariadb.atlassian.net/browse/MDEV-5629

Plugin Details

Severity: Medium

ID: 8132

Family: Database

Published: 2/24/2014

Updated: 3/6/2019

Nessus ID: 72709, 72710, 72711, 72712, 72713

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Patch Publication Date: 2/24/2014

Vulnerability Publication Date: 2/24/2014

Reference Information

BID: 65757