Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

MariaDB Server 10.1.x < 10.1.20 Multiple DoS

Medium

Synopsis

The remote database server is affected by multiple Denial of Service (DoS) attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 10.1.x earlier than 10.1.20, and is therefore affected by multiple vulnerabilities :

- A flaw exists in the 'trx_state_eq()' function that is triggered during the handling of state errors. This may allow an authenticated attacker to crash the database. Depending on the database's implementation, it varies if this vulnerability requires authenticated access (e.g. daily DBA duties) or may be exploited by a remote attacker (e.g. interfaced via a web application). (OSVDB 149062) - A flaw exists in the 'check_duplicate_key()' function that is triggered during the handling of error messages. This may allow an authenticated attacker to crash the database. Depending on the database's implementation, it varies if this vulnerability requires authenticated access (e.g. daily DBA duties) or may be exploited by a remote attacker (e.g. interfaced via a web application). (OSVDB 149063) - A flaw exists in the 'lock_rec_queue_validate()' function in 'lock/lock0lock.cc' that is triggered during the handling of lock requests. This may allow an authenticated attacker to crash the database. (OSVDB 149064) - A flaw exists in the 'JOIN::destroy()' function in 'sql/sql_select.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database. (OSVDB 149065) - A flaw exists in the 'calculate_cond_selectivity_for_table()' function in 'sql/opt_range.cc' that is triggered during the handling of 'thd->no_errors'. This may allow an authenticated attacker to crash the database. (OSVDB 149066) - A flaw exists in the 'date_add_interval()' function in 'sql/sql_time.cc' that is triggered during the handling of INTERVAL arguments. This may allow an authenticated attacker to crash the database. (OSVDB 149067) - A flaw exists in 'sql/item_subselect.cc' that is triggered during the handling of queries from the select/unit tree. This may allow an authenticated attacker to crash the database. (OSVDB 149068) - A flaw exists in the 'Item::check_well_formed_result()' function in 'sql/item.cc' that is triggered during the handling of row validation. This may allow an authenticated attacker to crash the database. (OSVDB 149069) - A flaw exists in 'sql/statistics.cc' that is triggered during the handling of stat tables. This may allow an authenticated attacker to crash the database. (OSVDB 149070) - A flaw exists in the 'Rpl_filter::parse_filter_rule()' function in 'sql/rpl_filter.cc' that is triggered during the clearing of wildcards. This may allow an authenticated attacker to crash the database. (OSVDB 149071) - A flaw exists in the 'lex_one_token()' function in 'sql/sql_lex.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database. (OSVDB 149106) - A flaw exists in the 'lock_reset_lock_and_trx_wait()' function in 'storage/innobase/lock/lock0lock.cc' that is triggered when handling values (e.g. NULL) in 'wait_lock'. This may allow an authenticated attacker to crash the database. (OSVDB 149350)

Solution

Upgrade to version 10.1.20 or later.