Detections
Analytics
Slackware Linux 15.0 / current mariadb Vulnerability (SSA:2023-318-01)
medium Nessus Plugin ID 185709
Language:
Synopsis
The remote Slackware Linux host is missing a security update to mariadb.Description
The version of mariadb installed on the remote host is prior to 10.11.5 / 10.11.6 / 10.5.23. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-318-01 advisory.- Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2023-22084)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the affected mariadb package.See Also
Plugin Details
Severity: Medium
ID: 185709
File Name: Slackware_SSA_2023-318-01.nasl
Version: 1.0
Type: local
Family: Slackware Local Security Checks
Published: 11/15/2023
Updated: 11/15/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:N/A:C
CVSS Score Source: CVE-2023-22084
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:slackware:slackware_linux:mariadb, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:15.0
Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages
Exploit Ease: No known exploits are available
Patch Publication Date: 11/14/2023
Vulnerability Publication Date: 10/17/2023
Reference Information
CVE: CVE-2023-22084