Дата обнаружения
|
27/01/2016 |
Уровень угрозы
|
High |
Описание
|
Multiple serious vulnerabilities have been found in MariaDB. Malicious users can exploit these vulnerabilities to cause denial of service, affect integrity, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities
Technical details Vulnerability (1) caused by sl_verify_server_cert function in sql-common/client.c which does not properly verify server hostname and domain name match in subject’s Common Name (CN) or subjectAltName field of the X.509 certificate. This vulnerability can be exploited via “/CN=” string in a field in a certificate. |
Пораженные продукты
|
MariaDB versions earlier than 5.5.47 |
Решение
|
Update to the latest version |
Первичный источник обнаружения
|
MariaDB bug bulletin. |
Оказываемое влияние
?
|
ACE
[?]
OSI
[?]
DoS
[?]
SB
[?]
LoI
[?]
|
Связанные продукты
|
MariaDB |
CVE-IDS
|
CVE-2016-06091.7Warning
CVE-2016-06164.0Warning CVE-2016-06063.5Warning CVE-2016-06083.5Warning CVE-2016-05467.2High CVE-2016-05964.0Warning CVE-2016-06003.5Warning CVE-2016-05974.0Warning CVE-2016-05983.5Warning CVE-2016-05056.8High CVE-2016-20474.3Warning |
Узнай статистику распространения уязвимостей в твоем регионе |