This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote database server is affected by multiple vulnerabilities.
The version of MariaDB 5.5 installed on the remote host is a version
prior to 5.5.32. It is, therefore, potentially affected by the
following vulnerabilities :
- Errors exist related to the following subcomponents :
Audit Log, Data Manipulation Language, Full Text Search,
GIS, Server Optimizer, Server Parser and
Server Replication. (CVE-2013-1861, CVE-2013-3783,
CVE-2013-3793, CVE-2013-3802, CVE-2013-3804,
- Errors exist in the files 'sql/item_func.cc',
'sql/sql_table.cc', 'sql/table.cc' and
'storage/innobase/mem/mem0mem.c' that could allow
denial of service attacks. (OSVDB 97781, 97782, 97783,
97785, 97787, 97790, 97792, 97793, 97794, 97796, 97798,
- Errors exist in the functions or methods 'CONVERT_TZ
'setup_ref_array' and 'st_select_lex::nest_last_join'
that could allow denial of service attacks. (OSVDB
97784, 97786, 97788, 97795, 97797, 97799)
- A buffer overflow error exists in the file
'sql/opt_range.cc' in the function
'QUICK_GROUP_MIN_MAX_SELECT::next_min' that could allow
denial of service attacks and possibly arbitrary code
execution (OSVDB 97789)
- An unspecified issue exists in the file 'dbug/dbug.c'
in the macro 'str_to_buf' that has an unspecified
impact. (OSVDB 97791)
See also :
Upgrade to MariaDB 5.5.32 or later.
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : true