Mandriva Linux Security Advisory : mariadb (MDVSA-2014:028)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been discovered and corrected in
mariadb :

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before
5.5.35 allows remote database servers to cause a denial of service
(crash) and possibly execute arbitrary code via a long server version
string (CVE-2014-0001).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB (CVE-2014-0412).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2014-0437).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote attackers to affect availability via unknown vectors
related to Error Handling (CVE-2013-5908).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Replication (CVE-2014-0420).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect integrity via unknown
vectors related to InnoDB (CVE-2014-0393).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote
authenticated users to affect availability via unknown vectors related
to Partition (CVE-2013-5891).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer (CVE-2014-0386).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors (CVE-2014-0401).

Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Locking (CVE-2014-0402).

The updated packages have been upgraded to version 5.5.35, which is
not vulnerable to these issues.

See also :

http://www.nessus.org/u?17c46362
https://mariadb.com/kb/en/mariadb-5535-release-notes/

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
