MariaDB 10.1.x < 10.1.13 Multiple Vulnerabilities

Severity: High, Nessus Plugin ID 93739

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.13. It is, therefore, affected by multiple vulnerabilities:

- An overflow condition exists in the extension_based_table_discovery() function in discover.cc due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

- A flaw exists in the Item::basic_const_item() function that is triggered when handling nested NULLIF statements. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

- A flaw exists in the Item::cache_const_expr_analyzer() function in item.cc that is triggered during the handling of caches. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

- A flaw exists in the Item_sum_field::get_tmp_table_field() function in item_sum.h that is triggered during the handling of temporary tables. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

- A flaw exists that is triggered during the handling of a specially crafted QT_ITEM_FUNC_NULLIF_TO_CASE NULLIF statement. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

- A flaw exists in the Item::save_in_field() function that is triggered during the handling of date values. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

- A flaw exists in the mariadb_dyncol_unpack() function in ma_dyncol.c due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to MariaDB version 10.1.13 or later.

See Also

https://mariadb.org/mariadb-10-1-13-connectorj-1-3-7-now-available/

https://mariadb.com/kb/en/library/mariadb-10113-changelog/

https://mariadb.com/kb/en/library/mariadb-10113-release-notes/

Plugin Details

Severity: High

ID: 93739

File Name: mariadb_10_1_13.nasl

Version: 1.9

Type: remote

Family: Databases

Published: 9/27/2016

Updated: 1/2/2019

Configuration: Enable paranoid mode

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Required KB Items: Settings/ParanoidReport

Patch Publication Date: 3/25/2016

Vulnerability Publication Date: 2/21/2016