The version of MariaDB installed on the remote host is prior to 5.5.53. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-5-5-53-release-notes advisory.
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security:
Encryption. (CVE-2016-5584)
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
(CVE-2016-7440)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.
Note: CVE-2017-3600 is equivalent to CVE-2016-5483. (CVE-2017-3600)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(167886);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/18");
script_cve_id(
"CVE-2016-5483",
"CVE-2016-5584",
"CVE-2016-7440",
"CVE-2017-3600",
"CVE-2017-3651"
);
script_name(english:"MariaDB 5.5.0 < 5.5.53 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.53. It is, therefore, affected by multiple
vulnerabilities as referenced in the mariadb-5-5-53-release-notes advisory.
- Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier
allows remote administrators to affect confidentiality via vectors related to Server: Security:
Encryption. (CVE-2016-5584)
- The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10
makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
(CVE-2016-7440)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported
versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to
exploit vulnerability allows high privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.
Note: CVE-2017-3600 is equivalent to CVE-2016-5483. (CVE-2017-3600)
- Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported
versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily
exploitable vulnerability allows low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update,
insert or delete access to some of MySQL Server accessible data. (CVE-2017-3651)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5-5-53-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.53 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3600");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mysql_version.nasl", "mysql_login.nasl", "mariadb_nix_installed.nbin", "mariadb_win_installed.nbin");
script_require_keys("installed_sw/MariaDB");
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'MariaDB');
if (!(app_info.local) && report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, 'MariaDB');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '5.5', 'fixed_version' : '5.5.53' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3651
mariadb.com/kb/en/mariadb-5-5-53-release-notes