MariaDB Server 5.5.x < 5.5.55 DoS
Medium Nessus Network Monitor Plugin ID 9992
SynopsisThe remote database server is affected by multiple Denial of Service (DoS) attack vectors.
DescriptionMariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is 5.5.x earlier than 5.5.55, and is therefore affected by multiple DoS vulnerabilities :
- A flaw exists in the 'Field_time::store_TIME_with_warning()' function that is triggered when handling a specially crafted 'INSERT' query. This may allow an authenticated attacker to crash the database. (OSVDB 153427)
- A flaw exists in the 'JOIN_CACHE::create_remaining_fields()' function in 'sql_join_cache.cc' that is triggered when handling data caching. This may allow an authenticated attacker to crash the database. (OSVDB 153428)
SolutionUpgrade to version 5.5.55 or later.