MariaDB 10.0.0 < 10.0.18 Multiple Vulnerabilities

high Nessus Plugin ID 167888

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of MariaDB installed on the remote host is prior to 10.0.18. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10-0-18-release-notes advisory.

- Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. (CVE-2014-8964)

- Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
(CVE-2015-0499)

- Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
(CVE-2015-0501)

- Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. (CVE-2015-0505)

- The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. (CVE-2015-2325)

- The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by ((?+1)(\1))/. (CVE-2015-2326)

- Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
(CVE-2015-2571)

- Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
(CVE-2015-4757)

- Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. (CVE-2015-4866)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MariaDB version 10.0.18 or later.

See Also

https://mariadb.com/kb/en/mariadb-10-0-18-release-notes

Plugin Details

Severity: High

ID: 167888

File Name: mariadb_10_0_18.nasl

Version: 1.2

Type: combined

Agent: windows, macosx, unix

Family: Databases

Published: 11/18/2022

Updated: 11/18/2022

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2015-2325

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Required KB Items: installed_sw/MariaDB

Exploit Ease: No known exploits are available

Patch Publication Date: 5/7/2015

Vulnerability Publication Date: 11/20/2014

Reference Information

CVE: CVE-2014-8964, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2325, CVE-2015-2326, CVE-2015-2571, CVE-2015-4757, CVE-2015-4866