
MariaDB Server 10.2.x < 10.2.3 Multiple DoS

Medium

Synopsis

The remote database server is affected by multiple Denial of Service (DoS) attack vectors.

Description

The version of MariaDB installed on the remote host is 10.2.x prior to 10.2.3, and is affected by multiple DoS vulnerabilities:

- A flaw exists in the 'wsrep_replicate_myisam' functionality that is triggered when dropping 'myisam' tables. This may allow an authenticated attacker to crash the database. (OSVDB 147136)
- A flaw exists in the 'trx_state_eq()' function that is triggered during the handling of state errors. This may allow an authenticated attacker to crash the database. (OSVDB 149062)
- A flaw exists in the 'lock_rec_queue_validate()' function in 'lock/lock0lock.cc' that is triggered during the handling of lock requests. This may allow an authenticated attacker to crash the database. (OSVDB 149064)
- A flaw exists in the 'date_add_interval()' function in 'sql/sql_time.cc' that is triggered during the handling of INTERVAL arguments. This may allow an authenticated attacker to crash the database. (OSVDB 149067)
- A flaw exists in 'sql/item_subselect.cc' that is triggered during the handling of queries from the select/unit tree. This may allow an authenticated attacker to crash the database. (OSVDB 149068)
- A flaw exists in the 'Item::check_well_formed_result()' function in 'sql/item.cc' that is triggered during the handling of row validation. This may allow an authenticated attacker to crash the database. (OSVDB 149069)
- A flaw exists in the 'lex_one_token()' function in 'sql/sql_lex.cc' that is triggered during the handling of a specially crafted query. This may allow an authenticated attacker to crash the database. (OSVDB 149106)
- A flaw exists in the 'check_contains()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of a specially crafted array. This may allow an authenticated attacker to crash the database. (OSVDB 149337)
- A flaw exists in the 'QUICK_RANGE_SELECT::init_ror_merged_scan()' function in 'sql/opt_range.cc' that is triggered during the handling of a specially crafted table column. This may allow an authenticated attacker to crash the database. (OSVDB 149338)
- A flaw exists in the 'Item_func_json_extract::val_str()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of scalar values. This may allow an authenticated attacker to crash the database. (OSVDB 149339)
- A flaw exists in the 'mark_object()' and 'mark_array()' functions in 'strings/json_lib.c' that is triggered during the handling of 'JSON_VALID' selections. This may allow an authenticated attacker to crash the database. (OSVDB 149340)
- A flaw exists in the 'handle_match()' function in 'strings/json_lib.c' that is triggered during the handling of JSON arrays. This may allow an authenticated attacker to crash the database. (OSVDB 149341)
- A flaw exists in the 'Item_func_json_array::fix_length_and_dec()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of NULL arguments. This may allow an authenticated attacker to crash the database. (OSVDB 149342)
- A flaw exists in the 'Item_json_typecast::fix_length_and_dec()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of JSON casting. This may allow an authenticated attacker to crash the database. (OSVDB 149343)
- A flaw exists in the 'parse_one_or_all()' function in 'sql/item_jsonfunc.cc' that is triggered when handling input passed via the 'one_or_all' parameter. This may allow an authenticated attacker to crash the database. (OSVDB 149344)
- A flaw exists in the 'Item_func_json_extract::val_str()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of 'value_length'. This may allow an authenticated attacker to crash the database. (OSVDB 149345)
- A flaw exists in the 'Item_func_json_extract::val_int()' function in 'sql/item_jsonfunc.cc' that is triggered during the handling of NULL paths. This may allow an authenticated attacker to crash the database. (OSVDB 149346)
- A flaw exists in the 'mysql_rm_table_no_locks()' function in 'sql/sql_table.cc' that is triggered when dropping temporary tables. This may allow an authenticated attacker to crash the database. This issue was introduced in commit 7305be2f7e724e5e62961606794beab199d79045 on 2016-06-10. (OSVDB 149348)
- A flaw exists in the 'check_view_single_update()' function in 'sql/sql_insert.cc' that is triggered when inserting specially crafted tables. This may allow an authenticated attacker to crash the database. (OSVDB 149349)
- A flaw exists in the 'lock_reset_lock_and_trx_wait()' function in 'storage/innobase/lock/lock0lock.cc' that is triggered when handling values (e.g. NULL) in 'wait_lock'. This may allow an authenticated attacker to crash the database. (OSVDB 149350)
- A flaw exists in the 'Item_cache::safe_charset_converter()' function in 'sql/item.cc' that is triggered during the handling of a specially crafted subselect query item. This may allow an authenticated attacker to crash the database. (OSVDB 149351)

NOTE: Whether these vulnerabilities require authenticated access (e.g. daily DBA duties) or may be exploited by a remote attacker (e.g. interfaced via a web application) depends on the database's implementation.

Solution

Upgrade to version 10.2.3 or later.
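
To find which hosts in an inventory still need this upgrade, the affected range (10.2.x prior to 10.2.3) can be checked against collected version banners. The following is an added example, not part of the original advisory or any scanner's plugin code; the function names, hostnames and banners are constructed for illustration. It accounts for the "5.5.5-" compatibility prefix that MariaDB 10.x servers can place in front of the version string in the protocol handshake.

```python
import re

FIXED = (10, 2, 3)       # first fixed release, per the Solution above
RPL_PREFIX = "5.5.5-"    # compatibility prefix MariaDB 10.x adds in the handshake
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(banner):
    """Return (major, minor, patch) for a MariaDB banner, or None."""
    if "mariadb" not in banner.lower():
        return None                      # MySQL, Percona, unknown: not covered here
    if banner.startswith(RPL_PREFIX):
        rest = banner[len(RPL_PREFIX):]
        if VERSION_RE.match(rest):       # the real version follows the prefix
            banner = rest
    m = VERSION_RE.match(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(banner):
    """True only for the 10.2 branch below 10.2.3."""
    version = parse_mariadb_version(banner)
    return version is not None and version[:2] == FIXED[:2] and version < FIXED


def hosts_to_upgrade(inventory):
    """Takes a host -> banner map; returns the sorted hosts that need the upgrade."""
    return sorted(h for h, b in inventory.items() if is_affected(b))


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "db01.example.internal": "10.2.2-MariaDB",
    "db02.example.internal": "5.5.5-10.2.1-MariaDB-log",
    "db03.example.internal": "10.2.3-MariaDB",
    "db04.example.internal": "10.1.20-MariaDB",
    "db05.example.internal": "5.5.52-MariaDB",
    "db06.example.internal": "5.7.17-log",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE):
        print(host, SAMPLE[host])
```

Other MariaDB branches (such as 10.1.x) are reported as not affected by this check only because this advisory does not cover them.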