
MariaDB Server 5.5.x < 5.5.29 Multiple Buffer Overflows

Medium

Synopsis

The remote database server is affected by multiple buffer overflow attack vectors.

Description

MariaDB is a community-developed fork of the MySQL relational database. The version of MariaDB installed on the remote host is earlier than 5.5.29, and is therefore affected by multiple buffer overflow vulnerabilities.

- An unspecified flaw exists in which the program fails to properly sanitize user-supplied input, resulting in a buffer overflow. This may allow a remote attacker to execute arbitrary code under the permissions of the mysql daemon. (OSVDB 88060)
- A flaw exists in the 'acl_get()' function in 'sql/sql_acl.cc', which fails to properly sanitize user-supplied input during the access right checking routine, resulting in a stack-based buffer overflow. With a specially crafted database name, an authenticated remote attacker can potentially execute arbitrary code. (OSVDB 88066)

Solution

Upgrade to version 5.5.29, or higher, to address this vulnerability.
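The version condition above (MariaDB 5.5.x earlier than 5.5.29) can be checked against version strings collected in an inventory, for example from `SELECT VERSION()`. The following is an added example, not the plugin's own logic; the function names and sample banners are constructed, and it assumes the common behaviour of MariaDB 10.x servers of prefixing the handshake version with `5.5.5-`.

```python
import re

FIXED = (5, 5, 29)  # first fixed release, as stated in the Solution section

# Leading numeric triple; any build suffix after the patch number is ignored.
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(banner):
    """Return (major, minor, patch) for a MariaDB banner, or None."""
    if "mariadb" not in banner.lower():
        return None  # not MariaDB (e.g. MySQL); out of scope for this check
    # Assumption: 10.x servers report "5.5.5-10.x.y-MariaDB" in the handshake
    # for replication compatibility; the real version follows the prefix.
    if banner.startswith("5.5.5-"):
        m = _VER.match(banner[len("5.5.5-"):])
        if m:
            return tuple(int(x) for x in m.groups())
    m = _VER.match(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(banner):
    """True only for MariaDB on the 5.5 branch below the fixed release."""
    v = parse_mariadb_version(banner)
    return v is not None and v[:2] == (5, 5) and v < FIXED


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    samples = [
        "5.5.27-MariaDB-log",
        "5.5.28-MariaDB",
        "5.5.29-MariaDB",
        "5.5.5-10.1.26-MariaDB",
        "5.5.28",
    ]
    for s in samples:
        print(f"{s:28} affected={is_affected(s)}")
```

A banner check reports only what the server claims; distribution packages that backport fixes without changing the version number need to be confirmed against the vendor's changelog.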