Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_10_1_14.NASL
HistoryJun 22, 2016 - 12:00 a.m.

MariaDB 10.1.x < 10.1.14 Multiple Vulnerabilities

2016-06-2200:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities :

  • An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to disclose sensitive information. (CVE-2016-0643)

  • An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0647)

  • An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0648)

  • An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0655)

  • An unspecified flaw exists in the Security: Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.
    (CVE-2016-0666)

  • An unspecified flaw exists in the Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.
    (CVE-2016-3452)

  • An unspecified flaw in the InnoDB subcomponent allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459)

  • An unspecified flaw in the Connection subcomponent allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-5444)

  • A heap corruption issue exists in the handle_connections_shared_memory() function in mysqld.cc due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • An overflow condition exists in the ha_connect::ha_connect() function in ha_connect.cc due to improper validation of user-supplied input when when handling partnames. An authenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.

  • An unspecified flaw exists in sql_insert.cc that is triggered during the handling of INSERT or REPLACE DELAYED statements. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the embedded server in the cli_read_prepare_result() function in libmysql.c that is triggered when handling a CREATE TABLE statement. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the acl_load() function in sql_acl.cc that is triggered when handling user tables. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the cost_group_min_max() function in opt_range.cc that is triggered when handling a group by clause. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the Item_subselect::is_expensive() function in item_subselect.cc that is triggered when handling a UNION query. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the validate_password() function in sql_acl.cc that is triggered when handling NULL passwords. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

  • A flaw exists in the Item_func_match::fix_index() function within file sql/item_func.cc due to improper handling of a full-text search of the utf8mb4 column.
    An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91766);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-0643",
    "CVE-2016-0647",
    "CVE-2016-0648",
    "CVE-2016-0655",
    "CVE-2016-0666",
    "CVE-2016-3452",
    "CVE-2016-3459",
    "CVE-2016-5444"
  );
  script_bugtraq_id(
    86424,
    86457,
    86486,
    86495,
    86509,
    91943,
    91987,
    91999
  );

  script_name(english:"MariaDB 10.1.x < 10.1.14 Multiple Vulnerabilities");
  script_summary(english:"Checks the MariaDB version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of MariaDB running on the remote host is 10.1.x prior to
10.1.14. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the DML subcomponent that
    allows an authenticated, remote attacker to disclose
    sensitive information. (CVE-2016-0643)

  - An unspecified flaw exists in the FTS subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0647)

  - An unspecified flaw exists in the PS subcomponent that
    allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0648)

  - An unspecified flaw exists in the InnoDB subcomponent
    that allows an authenticated, remote attacker to cause a
    denial of service condition. (CVE-2016-0655)

  - An unspecified flaw exists in the Security: Privileges
    subcomponent that allows an authenticated, remote
    attacker to cause a denial of service condition.
    (CVE-2016-0666)

  - An unspecified flaw exists in the Encryption
    subcomponent that allows an unauthenticated, remote
    attacker to disclose sensitive information.
    (CVE-2016-3452)

  - An unspecified flaw in the InnoDB subcomponent allows an
    authenticated, remote attacker to cause a denial of
    service condition. (CVE-2016-3459)

  - An unspecified flaw in the Connection subcomponent
    allows an unauthenticated, remote attacker to disclose
    sensitive information. (CVE-2016-5444)

  - A heap corruption issue exists in the
    handle_connections_shared_memory() function in mysqld.cc
    due to improper sanitization of user-supplied input. An
    authenticated, remote attacker can exploit this to crash
    the database, resulting in a denial of service
    condition.

  - An overflow condition exists in the
    ha_connect::ha_connect() function in ha_connect.cc due
    to improper validation of user-supplied input when
    when handling partnames. An authenticated, remote
    attacker can exploit this to cause a denial of service
    condition or the execution of arbitrary code.

  - An unspecified flaw exists in sql_insert.cc that is
    triggered during the handling of INSERT or REPLACE
    DELAYED statements. An authenticated, remote attacker
    can exploit this to crash the database, resulting in a
    denial of service condition.

  - A flaw exists in the embedded server in the
    cli_read_prepare_result() function in libmysql.c that is
    triggered when handling a CREATE TABLE statement. An
    authenticated, remote attacker can exploit this to crash
    the database, resulting in a denial of service
    condition.

  - A flaw exists in the acl_load() function in sql_acl.cc
    that is triggered when handling user tables. An
    authenticated, remote attacker can exploit this to crash
    the database, resulting in a denial of service
    condition.

  - A flaw exists in the cost_group_min_max() function in
    opt_range.cc that is triggered when handling a group by
    clause. An authenticated, remote attacker can exploit
    this to crash the database, resulting in a denial of
    service condition.

  - A flaw exists in the Item_subselect::is_expensive()
    function in item_subselect.cc that is triggered when
    handling a UNION query. An authenticated, remote
    attacker can exploit this to crash the database,
    resulting in a denial of service condition.

  - A flaw exists in the validate_password() function in
    sql_acl.cc that is triggered when handling NULL
    passwords. An authenticated, remote attacker can exploit
    this to crash the database, resulting in a denial of
    service condition.

  - A flaw exists in the Item_func_match::fix_index()
    function within file sql/item_func.cc due to improper
    handling of a full-text search of the utf8mb4 column.
    An authenticated, remote attacker can exploit this to
    crash the database, resulting in a denial of service
    condition.");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.org/mariadb-10-1-14-connectorj-1-4-4-now-available/");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10114-changelog/");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-10114-release-notes/");
  script_set_attribute(attribute:"see_also", value:"https://jira.mariadb.org/browse/MDEV-9986");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 10.1.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5444");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/22");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("mysql_version.inc");

mysql_check_version(variant:'MariaDB', fixed:'10.1.14-MariaDB', min:'10.1', severity:SECURITY_WARNING);
VendorProductVersionCPE
mariadbmariadbcpe:/a:mariadb:mariadb

Related

nessus 44
mageia 1
openvas 38
fedora 2
amazon 3
debian 5
ubuntu 3
ibm 2
redhat 6
oraclelinux 1
centos 1
f5 4
osv 7
prion 8
veracode 8
mariadbunix 8
cve 8
alpinelinux 6
ubuntucve 8
suse 8
redhatcve 3
freebsd 2
kaspersky 2
oracle 2
nessus
nessus
MariaDB 10.0.x < 10.0.25 Multiple Vulnerabilities
2016-06-22 00:00:00
MariaDB 5.5.x < 5.5.49 Multiple Vulnerabilities
2016-09-21 00:00:00
Oracle MySQL 5.5.x < 5.5.49 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)
2016-05-02 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2016-05-18 23:14:22
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0182)
2022-01-28 00:00:00
Oracle MySQL Server <= 5.5.48 / 5.6 <= 5.6.29 / 5.7 <= 5.7.11 Security Update (cpuapr2016v3) - Linux
2016-05-05 00:00:00
Oracle MySQL Server <= 5.5.48 / 5.6 <= 5.6.29 / 5.7 <= 5.7.11 Security Update (cpuapr2016v3) - Windows
2016-04-25 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: community-mysql-5.6.30-1.fc22
2016-05-16 14:58:35
[SECURITY] Fedora 23 Update: community-mysql-5.6.30-1.fc23
2016-05-15 05:37:20
amazon
amazon
Critical: mysql56
2016-05-18 14:00:00
Important: mysql55
2016-08-17 13:30:00
Important: mysql56
2016-08-17 13:30:00
debian
debian
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DLA 447-1] mysql-5.5 security update
2016-04-30 09:29:15
ubuntu
ubuntu
MySQL vulnerabilities
2016-04-25 00:00:00
MySQL vulnerabilities
2016-04-21 00:00:00
MySQL vulnerabilities
2016-07-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM
2018-06-18 01:33:09
Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs)
2018-06-16 21:50:33
redhat
redhat
(RHSA-2016:1602) Important: mariadb security update
2016-08-11 12:05:12
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
(RHSA-2016:1480) Important: mysql55-mysql security update
2016-07-25 07:45:08
oraclelinux
oraclelinux
mariadb security update
2016-08-11 00:00:00
centos
centos
mariadb security update
2016-08-12 11:27:37
f5
f5
SOL70204455 - Multiple MySQL vulnerabilities
2016-08-05 00:00:00
K70204455 : Multiple MySQL vulnerabilities
2016-08-05 00:00:00
K42204713 : Multiple MySQL vulnerabilities
2016-09-30 00:00:00
osv
osv
mysql-5.5 - security update
2016-04-26 00:00:00
CVE-2016-5444
2016-07-21 10:14:00
CVE-2016-0648
2016-04-21 10:59:00
prion
prion
Design/Logic Flaw
2016-07-21 10:12:00
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
veracode
veracode
Information Disclosure
2019-05-02 05:29:22
Information Disclosure
2019-05-02 05:29:22
Denial Of Service (DoS)
2019-05-02 05:29:20
mariadbunix
mariadbunix
CVE-2016-5444
2016-07-21 10:14:00
CVE-2016-0643
2016-04-21 10:59:00
CVE-2016-0647
2016-04-21 10:59:00
cve
cve
CVE-2016-0643
2016-04-21 10:59:00
CVE-2016-0648
2016-04-21 10:59:00
CVE-2016-0647
2016-04-21 10:59:00
alpinelinux
alpinelinux
CVE-2016-0643
2016-04-21 10:59:00
CVE-2016-0647
2016-04-21 10:59:00
CVE-2016-3452
2016-07-21 10:12:00
ubuntucve
ubuntucve
CVE-2016-3452
2016-07-21 00:00:00
CVE-2016-5444
2016-07-21 00:00:00
CVE-2016-0647
2016-04-20 00:00:00
suse
suse
Security update for mysql (important)
2016-05-11 18:10:17
Security update for mysql-community-server (important)
2016-05-18 14:14:23
Security update for mariadb (important)
2016-06-27 15:08:28
redhatcve
redhatcve
CVE-2016-5444
2016-07-20 10:19:48
CVE-2016-3452
2016-07-20 09:48:40
CVE-2016-3459
2016-07-20 10:18:50
freebsd
freebsd
MySQL -- multiple vulnerabilities
2016-04-19 00:00:00
MySQL -- Multiple vulnerabilities
2016-07-20 00:00:00
kaspersky
kaspersky
KLA10794 Multiple vulnerabilities in Oracle MySQL
2016-04-19 00:00:00
KLA10847 Multiple vulnerabilities in Oracle MySQL
2016-07-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
JSON
Related for MARIADB_10_1_14.NASL
nessus44mageia1openvas38fedora2amazon3debian5ubuntu3ibm2redhat6oraclelinux1centos1f54osv7prion8veracode8mariadbunix8cve8alpinelinux6ubuntucve8suse8redhatcve3freebsd2kaspersky2oracle2