MariaDB Server 5.5.x < 5.5.29 Multiple Buffer Overflows
Medium Nessus Network Monitor Plugin ID 9278
SynopsisThe remote database server is affected by multiple buffer overflow attack vectors.
DescriptionMariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.29, and is therefore affected by multiple buffer overflow vulnerabilities.
- An unspecified flaw exists in which the program fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a remote attacker to execute arbitrary code under the permissions of the mysql daemon. (OSVDB 88060)
- A flaw exists in the 'acl_get()' function in 'sql/sql_acl.cc' which fails to properly sanitize user-supplied input during the access right checking routine, which will result in a stack-based buffer overflow. With a specially crafted database name, an authenticated remote attacker can potentially execute arbitrary code. (OSVDB 88066).
SolutionUpgrade to version 5.5.29, or higher, to address this vulnerability.