VID |
25310 |
Severity |
30 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MariaDB installed on the remote host is prior to 10.0.36. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10036-rn advisory.
- An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this to compromise the MariaDB server, resulting in unauthorized update, insert, delete and read access to some of the accessible data. (CVE-2018-3058, CVE-2018-3066)
- A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this issue to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064)
* References:
  - https://mariadb.com/kb/en/mdb-10036-rn
  - https://jira.mariadb.org/browse/MDEV-14693
  - https://jira.mariadb.org/browse/MDEV-15953
  - https://jira.mariadb.org/browse/MDEV-16119
  - https://jira.mariadb.org/browse/MDEV-16124
  - https://jira.mariadb.org/browse/MDEV-16267
  - https://jira.mariadb.org/browse/MDEV-16456
  - https://jira.mariadb.org/browse/MDEV-16515
  - https://jira.mariadb.org/browse/MDEV-16596
  - https://jira.mariadb.org/browse/MDEV-16851
  - https://jira.mariadb.org/browse/MDEV-16855
* Platforms Affected: MariaDB versions 10.0.x prior to 10.0.36; any operating system, any version |
Recommendation |
Upgrade to the latest version of MariaDB (10.0.36 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ |
Related URL |
CVE-2018-3058,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|