VID 25313
Severity 30
Port 3306
Protocol TCP
Class DB
Detailed Description The version of MariaDB installed on the remote host is prior to 10.3.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1039-rn advisory.

- An unspecified vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this to compromise the MariaDB server, resulting in unauthorized update, insert, delete and read access to some of the accessible data. (CVE-2018-3058, CVE-2018-3060, CVE-2018-3066)

- A denial of service (DoS) vulnerability exists in MariaDB. An authenticated, remote attacker can exploit this issue to cause the application to stop responding. (CVE-2018-3063, CVE-2018-3064)

* References:
https://mariadb.com/kb/en/mdb-1039-rn
https://jira.mariadb.org/browse/MDEV-14637
https://jira.mariadb.org/browse/MDEV-15822
https://jira.mariadb.org/browse/MDEV-15855
https://jira.mariadb.org/browse/MDEV-15953
https://jira.mariadb.org/browse/MDEV-16131
https://jira.mariadb.org/browse/MDEV-16515
https://jira.mariadb.org/browse/MDEV-16596
https://jira.mariadb.org/browse/MDEV-16664
https://jira.mariadb.org/browse/MDEV-16675
https://jira.mariadb.org/browse/MDEV-16713
https://jira.mariadb.org/browse/MDEV-16809
https://jira.mariadb.org/browse/MDEV-16830

* Platforms Affected:
MariaDB versions 10.3.x prior to 10.3.9
Any operating system, any version
Recommendation Upgrade to the latest version of MariaDB (10.3.9 or later), available from the MariaDB Web site at https://downloads.mariadb.org/
Related URL CVE-2018-3058, CVE-2018-3060, CVE-2018-3063, CVE-2018-3064, CVE-2018-3066 (CVE)