The version of MariaDB running on the remote host is 10.0.x prior to 10.0.29. It is, therefore, affected by multiple vulnerabilities :

  - A privilege escalation vulnerability exists in     scripts/mysqld_safe.sh due to improper handling of     arguments to malloc-lib. A local attacker can exploit     this, via a symlink attack on error logs, to gain root     privileges. (CVE-2016-6664)

  - A denial of service vulnerability exists in the     check_duplicate_key() function due to improper handling     of error messages. An authenticated, remote attacker can     exploit this to crash the database.

  - A denial of service vulnerability exists in the     destroy() function in sql/sql_select.cc due to improper     handling of a specially crafted query. An authenticated,     remote attacker can exploit this to crash the database.

  - A denial of service vulnerability exists in the     date_add_interval() function in sql/sql_time.cc due to     improper handling of INTERVAL arguments. An     authenticated, remote attacker can exploit this to crash     the database.

  - A denial of service vulnerability exists in     sql/item_subselect.cc due to improper handling of     queries from the select/unit tree. An authenticated,     remote attacker can exploit this to crash the database.

  - A denial of service vulnerability exists in the     check_well_formed_result() function in sql/item.cc due     to improper handling of row validation. An     authenticated, remote attacker can exploit this to crash     the database.

  - A denial of service vulnerability exists in the     safe_charset_converter() function in sql/item.cc due to     improper handling of a specially crafted subselect query     item. An authenticated, remote attacker can exploit this     to crash the database.

MariaDB 10.0.x < 10.0.29 Multiple Vulnerabilities

high Nessus Plugin ID 96486

Version 1.10