Lucene search

K
openvasCopyright (C) 2021 Greenbone AGOPENVAS:1361412562310145119
HistoryJan 12, 2021 - 12:00 a.m.

MariaDB Named Pipe Permission Vulnerability (MDEV-24040) - Windows

2021-01-1200:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.0%

MariaDB is prone to a named pipe permission vulnerability.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mariadb:mariadb";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.145119");
  script_version("2024-02-19T05:05:57+0000");
  script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
  script_tag(name:"creation_date", value:"2021-01-12 08:39:57 +0000 (Tue, 12 Jan 2021)");
  script_tag(name:"cvss_base", value:"4.4");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-12-30 18:09:00 +0000 (Wed, 30 Dec 2020)");

  script_cve_id("CVE-2020-28912");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("MariaDB Named Pipe Permission Vulnerability (MDEV-24040) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("Databases");
  script_dependencies("mysql_version.nasl", "os_detection.nasl");
  script_mandatory_keys("MariaDB/installed", "Host/runs_windows");

  script_tag(name:"summary", value:"MariaDB is prone to a named pipe permission vulnerability.");

  script_tag(name:"insight", value:"With MariaDB running on Windows, when local clients connect to the server
  over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine
  to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed
  between the client and the server, and getting the ability to run SQL commands on behalf of the connected
  user. This occurs because of an incorrect security descriptor.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"affected", value:"MariaDB versions 10.1, 10.2, 10.3, 10.4 and 10.5.");

  script_tag(name:"solution", value:"Update to version 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7 or later.");

  script_xref(name:"URL", value:"https://jira.mariadb.org/browse/MDEV-24040");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_in_range(version: version, test_version: "10.1.0", test_version2: "10.1.47")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.1.48");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "10.2.0", test_version2: "10.2.34")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.2.35");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "10.3.0", test_version2: "10.3.25")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.3.26");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "10.4.0", test_version2: "10.4.15")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.4.16");
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "10.5.0", test_version2: "10.5.6")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.5.7");
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.0%