MariaDB Server 10.1.x < 10.1.13 Multiple DoS

Medium Nessus Network Monitor Plugin ID 9294

Synopsis

The remote database server is affected by multiple Denial of Service (DoS) attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 10.1.x earlier than 10.1.13, and is therefore affected multiple vulnerabilities :

- A flaw exists in the 'Item::basic_const_item()' function that is triggered when handling nested NULLIF statements. This may allow an authenticated attacker to crash the database. (OSVDB 136368)
- A flaw exists in the 'Item::cache_const_expr_analyzer()' function in 'sql/item.cc' that is triggered during the handling of caches. This may allow an authenticated attacker to crash the database. (OSVDB 136369)
- A flaw exists in the 'Item_sum_field::get_tmp_table_field()' function in 'sql/item_sum.h' that is triggered during the handling of temporary tables. This may allow an authenticated attacker to crash the database. (OSVDB 136371)
- A flaw exists that is triggered during the handling of a specially crafted 'QT_ITEM_FUNC_NULLIF_TO_CASE NULLIF' statement. This may allow an authenticated attacker to crash the database. (OSVDB 136372)
- A flaw exists in the 'Item::save_in_field()' function that is triggered during the handling of date values. This may allow an authenticated attacker to crash the database. (OSVDB 136373)

Solution

Upgrade to version 10.1.13 or later.

See Also

https://mariadb.com/kb/en/mariadb-10113-changelog

https://jira.mariadb.org/browse/MDEV-9604

https://jira.mariadb.org/browse/MDEV-9641

https://jira.mariadb.org/browse/MDEV-9644

https://jira.mariadb.org/browse/MDEV-9656

https://jira.mariadb.org/browse/MDEV-9682

https://jira.mariadb.org/browse/MDEV-9683

Plugin Details

Severity: Medium

ID: 9294

Family: Database

Published: 2016/05/13

Modified: 2016/12/12

Dependencies: 8693

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.5

Temporal Score: 6

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Patch Publication Date: 2016/03/25

Vulnerability Publication Date: 2016/02/21