ID MARIADB_10_1_7.NASL Type nessus Reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-03-02T00:00:00
Description
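The version of MariaDB running on the remote host is 10.1.x prior to
10.1.7. It is, therefore, affected by multiple vulnerabilities. The
plugin checks only the reported version and marks the result as a
potential vulnerability, so none of the issues below is individually
confirmed on the host :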
A denial of service vulnerability exists in the
base_list_iterator::next_fast() function within file
sql/sql_parse.cc when handling multi-table updates. An
authenticated, remote attacker can exploit this to crash
the server.
A denial of service vulnerability exists in the
ACL_internal_schema_registry::lookup() function within
file sql/sql_acl.cc when handling multi-table updates.
An authenticated, remote attacker can exploit this to
crash the server.
A denial of service vulnerability exists in the
Item_func_group_concat::fix_fields() function within
file sql/item_sum.cc when handling arguments on the
second execution of a prepared statement (PS). An
authenticated, remote attacker can exploit this to crash
the server.
A denial of service vulnerability exists in
select_lex->non_agg_fields when using ONLY_FULL_GROUP_BY
in a stored procedure or trigger that is repeatedly
executed. An authenticated, remote attacker can exploit
this to crash the server.
A buffer overflow condition exists within the
my_multi_malloc() function when trying to allocate a key
cache of more than 45G with a key_cache_block_size of
1024 or less. An authenticated, remote attacker can
exploit this to cause an unspecified impact.
A denial of service vulnerability exists within the
page_cur_is_after_last() function when handling table
alteration encryption keys. An authenticated, remote
attacker can exploit this to crash the server.
A denial of service vulnerability exists within the
Bitmap<64u>::merge() function when handling a specially
crafted query. An authenticated, remote attacker can
exploit this to crash the server.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration block: executed when the scanner loads the plugin with
# `description` set. It only declares metadata (id, text, scoring,
# dependencies, prerequisites) and then exits; nothing in this block
# probes the target.
if (description)
{
# Plugin id and revision information.
script_id(93810);
script_version("1.8");
script_cvs_date("Date: 2019/01/02 11:18:37");
# Title and summary: the summary states that this is a version check.
script_name(english:"MariaDB 10.1.x < 10.1.7 Multiple Vulnerabilities");
script_summary(english:"Checks the MariaDB version.");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
# Report text. Every listed issue requires an authenticated attacker.
# Six are described as server crashes; only the my_multi_malloc() item
# is described as a buffer overflow with unspecified impact.
script_set_attribute(attribute:"description", value:
"The version of MariaDB running on the remote host is 10.1.x prior to
10.1.7. It is, therefore, affected by multiple vulnerabilities :
- A denial of service vulnerability exists in the
base_list_iterator::next_fast() function within file
sql/sql_parse.cc when handling multi-table updates. An
authenticated, remote attacker can exploit this to crash
the server.
- A denial of service vulnerability exists in the
ACL_internal_schema_registry::lookup() function within
file sql/sql_acl.cc when handling multi-table updates.
An authenticated, remote attacker can exploit this to
crash the server.
- A denial of service vulnerability exists in the
Item_func_group_concat::fix_fields() function within
file sql/item_sum.cc when handling arguments on the
second execution of PS. An authenticated, remote
attacker can exploit this to crash the server.
- A denial of service vulnerability exists in
select_lex->non_agg_fields when using ONLY_FULL_GROUP_BY
in a stored procedure or trigger that is repeatedly
executed. An authenticated, remote attacker can exploit
this to crash the server.
- A buffer overflow condition exists within the
my_multi_malloc() function when trying to allocate a key
cache of more than 45G with a key_cache_block_size of
1024 or less. An authenticated, remote attacker can
exploit this to cause an unspecified impact.
- A denial of service vulnerability exists within the
page_cur_is_after_last() function when handling table
alteration encryption keys. An authenticated, remote
attacker can exploit this to crash the server.
- A denial of service vulnerability exists within the
Bitmap<64u>::merge() function when handling a specially
crafted query. An authenticated, remote attacker can
exploit this to crash the server.");
# Vendor references and the remediation shown in the report.
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-1017-release-notes/");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/library/mariadb-1017-changelog/");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 10.1.7 or later.");
# Scoring. Both base vectors rate confidentiality, integrity and
# availability impact at the maximum for a network attacker with
# single/low-privilege authentication. The temporal vectors record an
# unproven exploit (E:U), an official fix and a confirmed report.
# NOTE(review): presumably the maximum C/I/A rating follows the
# "unspecified impact" overflow item rather than the crash-only items -
# confirm before using the score to prioritise.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
# Timeline attributes. No script_cve_id() call appears in this block, so
# findings from this plugin cannot be correlated by CVE identifier.
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/07");
script_set_attribute(attribute:"patch_publication_date", value:"2015/09/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
# Flags the finding as potential, i.e. not confirmed on the host; this
# fits the version-only check named in script_summary above.
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_end_attributes();
# Registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Plugins that must run first.
# NOTE(review): presumably these supply the detected server version
# used by the check after this block - confirm in mysql_version.inc.
script_dependencies("mysql_version.nasl", "mysql_login.nasl");
# Prerequisite KB key.
# NOTE(review): in Nessus this key is normally present only when the
# scan policy sets report paranoia to "Paranoid", so a default-policy
# scan would skip this plugin - confirm against the policy in use.
script_require_keys("Settings/ParanoidReport");
# Candidate ports: any service identified as mysql, or TCP 3306.
script_require_ports("Services/mysql", 3306);
exit(0);
}
include("mysql_version.inc");
# The whole check is delegated to mysql_check_version(), which comes from
# mysql_version.inc and is not shown on this page. It is called for the
# 'MariaDB' variant with a 10.1 lower bound, a 10.1.7-MariaDB fixed
# version and SECURITY_HOLE severity.
# NOTE(review): presumably this compares the version string collected by
# the dependency plugins and exercises none of the listed flaws, so a
# build with backported fixes or an altered version string can be
# misreported - verify the installed package before acting on a finding.
mysql_check_version(variant:'MariaDB', fixed:'10.1.7-MariaDB', min:'10.1', severity:SECURITY_HOLE);
{"id": "MARIADB_10_1_7.NASL", "bulletinFamily": "scanner", "title": "MariaDB 10.1.x < 10.1.7 Multiple Vulnerabilities", "description": "The version of MariaDB running on the remote host is 10.1.x prior to\n10.1.7. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the\n base_list_iterator::next_fast() function within file\n sql/sql_parse.cc when handling multi-table updates. An\n authenticated, remote attacker can exploit this to crash\n the server.\n\n - A denial of service vulnerability exists in the\n ACL_internal_schema_registry::lookup() function within\n file sql/sql_acl.cc when handling multi-table updates.\n An authenticated, remote attacker can exploit this to\n crash the server.\n\n - A denial of service vulnerability exists in the\n Item_func_group_concat::fix_fields() function within\n file sql/item_sum.cc when handling arguments on the\n second execution of PS. An authenticated, remote\n attacker can exploit this to crash the server.\n\n - A denial of service vulnerability exists in\n select_lex->non_agg_fields when using ONLY_FULL_GROUP_BY\n in a stored procedure or trigger that is repeatedly\n executed. An authenticated, remote attacker can exploit\n this to crash the server.\n\n - A buffer overflow condition exists within the\n my_multi_malloc() function when trying to allocate a key\n cache of more than 45G with a key_cache_block_size of\n 1024 or less. An authenticated, remote attacker can\n exploit this to cause an unspecified impact.\n\n - A denial of service vulnerability exists within the\n page_cur_is_after_last() function when handling table\n alteration encryption keys. An authenticated, remote\n attacker can exploit this to crash the server.\n\n - A denial of service vulnerability exists within the\n Bitmap<64u>::merge() function when handling a specially\n crafted query. 
An authenticated, remote attacker can\n exploit this to crash the server.", "published": "2016-09-30T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/93810", "reporter": "This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://mariadb.com/kb/en/library/mariadb-1017-release-notes/", "https://mariadb.com/kb/en/library/mariadb-1017-changelog/"], "cvelist": [], "type": "nessus", "lastseen": "2021-03-01T04:05:47", "edition": 29, "viewCount": 2, "enchantments": {"dependencies": {"references": [], "modified": "2021-03-01T04:05:47", "rev": 2}, "score": {"value": -0.2, "vector": "NONE", "modified": "2021-03-01T04:05:47", "rev": 2}, "vulnersScore": -0.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93810);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/01/02 11:18:37\");\n\n\n script_name(english:\"MariaDB 10.1.x < 10.1.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the MariaDB version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB running on the remote host is 10.1.x prior to\n10.1.7. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the\n base_list_iterator::next_fast() function within file\n sql/sql_parse.cc when handling multi-table updates. 
An\n authenticated, remote attacker can exploit this to crash\n the server.\n\n - A denial of service vulnerability exists in the\n ACL_internal_schema_registry::lookup() function within\n file sql/sql_acl.cc when handling multi-table updates.\n An authenticated, remote attacker can exploit this to\n crash the server.\n\n - A denial of service vulnerability exists in the\n Item_func_group_concat::fix_fields() function within\n file sql/item_sum.cc when handling arguments on the\n second execution of PS. An authenticated, remote\n attacker can exploit this to crash the server.\n\n - A denial of service vulnerability exists in\n select_lex->non_agg_fields when using ONLY_FULL_GROUP_BY\n in a stored procedure or trigger that is repeatedly\n executed. An authenticated, remote attacker can exploit\n this to crash the server.\n\n - A buffer overflow condition exists within the\n my_multi_malloc() function when trying to allocate a key\n cache of more than 45G with a key_cache_block_size of\n 1024 or less. An authenticated, remote attacker can\n exploit this to cause an unspecified impact.\n\n - A denial of service vulnerability exists within the\n page_cur_is_after_last() function when handling table\n alteration encryption keys. An authenticated, remote\n attacker can exploit this to crash the server.\n\n - A denial of service vulnerability exists within the\n Bitmap<64u>::merge() function when handling a specially\n crafted query. 
An authenticated, remote attacker can\n exploit this to crash the server.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1017-release-notes/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/library/mariadb-1017-changelog/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.1.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(variant:'MariaDB', fixed:'10.1.7-MariaDB', min:'10.1', severity:SECURITY_HOLE);\n", "naslFamily": "Databases", "pluginID": "93810", "cpe": ["cpe:/a:mariadb:mariadb"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}