VID 25306
Severity 40
Port 3306
Protocol TCP
Class DB
Detailed Description The version of MariaDB running on the remote host is 10.1.x prior to 10.1.31. It is, therefore, affected by multiple vulnerabilities:
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2018-2562)
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2612)
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2622)
- Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2640)
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-2665)
* References:
https://lists.askmonty.org/cgi-bin/mailman/listinfo/announce
https://mariadb.com/kb/en/mdb-10131-rn
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2562
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2612
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2622
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2640
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2665
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-2668
http://cve.mitre.org/cgi/bin/cvename.cgi?name=CVE-2018-3133
http://www.nessus.org/u?9e7fe54c
https://jira.mariadb.org/browse/MDEV-13205
https://jira.mariadb.org/browse/MDEV-13499
https://jira.mariadb.org/browse/MDEV-14174
https://jira.mariadb.org/browse/MDEV-14776
https://jira.mariadb.org/browse/MDEV-14799
https://jira.mariadb.org/browse/MDEV-14874
https://jira.mariadb.org/browse/MDEV-7049

* Platforms Affected:
MariaDB versions 10.1.x prior to 10.1.31
Any operating system Any version
Recommendation Upgrade to the latest version of MySQL (10.1.31 or later), available from the MySQL Web site at http://www.mysql.com/
Related URL CVE-2018-2562,CVE-2018-2612,CVE-2018-2622,CVE-2018-2640,CVE-2018-2665,CVE-2018-2668,CVE-2018-3133 (CVE)
Related URL 102678,102681,102682,102706,102709,102713,105610 (SecurityFocus)