MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities
high Nessus Plugin ID 129355
Language:
Synopsis
The remote database server is affected by multiple vulnerabilitiesDescription
The version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10015-release-notes advisory. These include the following:- An unspecified vulnerability in the 'SERVER:OPTIMIZER' component. This allows a remote, authenticated attacker to affect availability. (CVE-2014-6469)
- Two separate, unspecified vulnerabilities in the 'SERVER:SSL:yaSSL' component. These allow a remote attacker to affect confidentiality, integrity, and availability. (CVE-2014-6491, CVE-2014-6500)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to MariaDB version 10.0.15 or later.See Also
Plugin Details
Severity: High
ID: 129355
File Name: mariadb_10_0_15.nasl
Version: 1.4
Type: remote
Family: Databases
Published: 9/26/2019
Updated: 10/31/2019
Configuration: Enable paranoid mode
Supported Sensors: Frictionless Assessment Agent
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS Score Source: CVE-2014-6500
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mariadb:mariadb
Required KB Items: Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 11/25/2014
Vulnerability Publication Date: 10/15/2014
Reference Information
CVE: CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6496, CVE-2014-6500, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
BID: 70444, 70446, 70451, 70469, 70478, 70487, 70497, 70530, 70550