Korean

<< Back VID 25200 Severity 30 Port 3306 Protocol TCP Class DB Detailed Description The version of MariaDB running on the remote host is 10.1.x prior to 10.1.12. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640) - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641) - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644) - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646) - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649) - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650) - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668) * Note: This check solely relied on the banner of the remote MariaDB server to assess this vulnerability, so this might be a false positive. * References: https://mariadb.com/kb/en/mariadb/mariadb-10112-changelog/ https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/ * Platforms Affected: MariaDB versions 10.1.x prior to 10.1.12 Any operating system Any version Recommendation Upgrade to the latest version of MariaDB (10.1.12 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ Related URL CVE-2016-0640,CVE-2016-0641,CVE-2016-0644,CVE-2016-0646,CVE-2016-0649,CVE-2016-0650,CVE-2016-0668 (CVE) Related URL (SecurityFocus) Related URL (ISS)