MariaDB 5.5 < 5.5.32 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of MariaDB 5.5 running on the remote host is a version
prior to 5.5.32. It is, therefore, potentially affected by the
following vulnerabilities :

- Errors exist related to the following subcomponents :
Audit Log, Data Manipulation Language, Full Text Search,
GIS, Server Optimizer, Server Parser and
Server Replication. (CVE-2013-1861, CVE-2013-3783,
CVE-2013-3793, CVE-2013-3802, CVE-2013-3804,
CVE-2013-3809, CVE-2013-3812)

- Errors exist in the files 'sql/',
'sql/', 'sql/',
'sql/', 'sql/',
'sql/', 'sql/',
'sql/', 'sql/' and
'storage/innobase/mem/mem0mem.c' that could allow
denial of service attacks. (VulnDB 97781, 97782, 97783,
97785, 97787, 97790, 97792, 97793, 97794, 97796, 97798,

- Errors exist in the functions or methods 'CONVERT_TZ
Item_func_min_max::get_date', 'my_decimal2decimal',
'setup_ref_array' and 'st_select_lex::nest_last_join'
that could allow denial of service attacks. (VulnDB
97784, 97786, 97788, 97795, 97797, 97799)

- A buffer overflow error exists in the file
'sql/' in the function
'QUICK_GROUP_MIN_MAX_SELECT::next_min' that could allow
denial of service attacks and possibly arbitrary code
execution. (VulnDB 97789)

- An unspecified issue exists in the file 'dbug/dbug.c'
in the macro 'str_to_buf' that has an unspecified
impact. (VulnDB 97791)

Solution :

Upgrade to MariaDB version 5.5.32 or later.

Risk factor :

High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : true
