VID |
25312 |
Severity |
30 |
Port |
3306 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of MariaDB installed on the remote host is prior to 10.2.17. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-10217-rn advisory.
- An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this to compromise the MariaDB server, resulting in unauthorized update, insert, delete and read access to some of the accessible data. (CVE-2018-3058, CVE-2018-3060, CVE-2018-3066)
- A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this issue to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064)
* References:
  - https://mariadb.com/kb/en/mdb-10217-rn
  - https://jira.mariadb.org/browse/MDEV-12837
  - https://jira.mariadb.org/browse/MDEV-14637
  - https://jira.mariadb.org/browse/MDEV-15822
  - https://jira.mariadb.org/browse/MDEV-15855
  - https://jira.mariadb.org/browse/MDEV-15953
  - https://jira.mariadb.org/browse/MDEV-16515
  - https://jira.mariadb.org/browse/MDEV-16596
  - https://jira.mariadb.org/browse/MDEV-16664
  - https://jira.mariadb.org/browse/MDEV-16713
  - https://jira.mariadb.org/browse/MDEV-16809
* Platforms Affected: MariaDB versions 10.2.x prior to 10.2.17; any operating system, any version |
Recommendation |
Upgrade to the latest version of MariaDB (10.2.17 or later), available from the MariaDB Web site at https://downloads.mariadb.org/ |
Related URL |
CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066 (CVE) |
|