MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MariaDB 5.5 installed on the remote host is a version
prior to 5.5.32. It is, therefore, potentially affected by the
following vulnerabilities :

- Errors exist related to the following subcomponents :
Audit Log, Data Manipulation Language, Full Text Search,
GIS, Server Optimizer, Server Parser and
Server Replication. (CVE-2013-1861, CVE-2013-3783,
CVE-2013-3793, CVE-2013-3802, CVE-2013-3804,
CVE-2013-3809, CVE-2013-3812)

- Errors exist in the files 'sql/item_func.cc',
'sql/item_sum.cc', 'sql/item_timefunc.cc',
'sql/opt_range.cc', 'sql/sql_derived.cc',
'sql/sql_insert.cc', 'sql/sql_select.cc',
'sql/sql_table.cc', 'sql/table.cc' and
'storage/innobase/mem/mem0mem.c' that could allow
denial of service attacks. (OSVDB 97781, 97782, 97783,
97785, 97787, 97790, 97792, 97793, 97794, 97796, 97798,
97799)

- Errors exist in the functions or methods 'CONVERT_TZ
Item_func_min_max::get_date', 'my_decimal2decimal',
'setup_ref_array' and 'st_select_lex::nest_last_join'
that could allow denial of service attacks. (OSVDB
97784, 97786, 97788, 97795, 97797, 97799)

- A buffer overflow error exists in the file
'sql/opt_range.cc' in the function
'QUICK_GROUP_MIN_MAX_SELECT::next_min' that could allow
denial of service attacks and possibly arbitrary code
execution (OSVDB 97789)

- An unspecified issue exists in the file 'dbug/dbug.c'
in the macro 'str_to_buf' that has an unspecified
impact. (OSVDB 97791)

See also :

https://mariadb.com/kb/en/mariadb-5532-changelog/

Solution :

Upgrade to MariaDB 5.5.32 or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true