Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.MARIADB_BINARY_LOG_SQLI.NASL
HistoryFeb 08, 2013 - 12:00 a.m.

MariaDB Binary Log SQL Injection

2013-02-0800:00:00
This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.7%

JSON

According to its self-reported version number, the version of MariaDB running on the remote host has multiple SQL injection vulnerabilities.
User-supplied identifiers are not properly quoted before being written into the binary log. An attacker with a valid account and privileges to modify data could exploit this to modify tables that they should not have access to.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64502);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2012-4414");
  script_bugtraq_id(55498);

  script_name(english:"MariaDB Binary Log SQL Injection");
  script_summary(english:"Checks version of MariaDB");

  script_set_attribute(attribute:"synopsis", value:
"The database server running on the remote host is affected by multiple
SQL injection vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of MariaDB
running on the remote host has multiple SQL injection vulnerabilities.
User-supplied identifiers are not properly quoted before being written
into the binary log. An attacker with a valid account and privileges
to modify data could exploit this to modify tables that they should
not have access to.");
  script_set_attribute(attribute:"see_also", value:"https://mariadb.atlassian.net/browse/MDEV-382");
  script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2012/09/11/4");
  script_set_attribute(attribute:"solution", value:"Upgrade to MariaDB 5.5.27 / 5.3.8 / 5.2.13 / 5.1.66 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/11");  
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/10"); 
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include("audit.inc");
include("mysql_version.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_service(svc:"mysql", default:3306, exit_on_fail:TRUE);
mysql_init(port:port, exit_on_fail:TRUE);

if (!is_mariadb()) audit(AUDIT_NOT_LISTEN, 'MariaDB', port);

ver = mysql_get_version();
if (isnull(ver)) exit(1, 'Failed to get the version from the MariaDB server listening on port '+port+'.');

# Fix up MariaDB version.
real_ver = ver;
match = eregmatch(pattern:"^5\.5\.5-([0-9]+\.[0-9]+\.[0-9]+)-MariaDB", string:ver);
if (!isnull(match)) ver = match[1];

if (mysql_ver_cmp(ver:ver, fix:'5.5.27', same_branch:TRUE) < 0)
   fix = '5.5.27-MariaDB';
else if (mysql_ver_cmp(ver:ver, fix:'5.3.8', same_branch:TRUE)  < 0)
  fix = '5.3.8-MariaDB';
else if (mysql_ver_cmp(ver:ver, fix:'5.2.13', same_branch:TRUE) < 0)
   fix = '5.2.13-MariaDB';
else if (mysql_ver_cmp(ver:ver, fix:'5.1.66', same_branch:TRUE)  < 0)
   fix = '5.1.66-MariaDB';
else
  fix = NULL;

if (isnull(fix))
  audit(AUDIT_LISTEN_NOT_VULN, 'MariaDB', port, ver);
else
  set_kb_item(name:'www/0/SQLInjection', value:TRUE);


if (report_verbosity > 0)
{
  ver_ui = ver;
  if (ver != real_ver) ver_ui += " (" + real_ver + ")";

  report =
    '\n  Installed version : ' + ver_ui +
    '\n  Fixed version     : ' + fix + '\n';
  datadir = get_kb_item('mysql/' + port + '/datadir');
  if (!empty_or_null(datadir))
  {
    report += '  Data Dir          : ' + datadir + '\n';
  }
  databases = get_kb_item('mysql/' + port + '/databases');
  if (!empty_or_null(databases))
  { 
    report += '  Databases         :\n' + databases;
  }
  security_warning(port:port, extra:report);
}
else security_warning(port);
VendorProductVersionCPE
mariadbmariadbcpe:/a:mariadb:mariadb

Related

prion 1
nessus 12
mariadbunix 1
cvelist 1
cve 1
ubuntucve 1
nvd 1
suse 4
openvas 7
freebsd 1
oracle 1
prion
prion
Sql injection
2013-01-22 23:55:00
nessus
nessus
MySQL Binary Log SQL Injection
2013-02-08 00:00:00
MariaDB 5.3.0 < 5.3.8
2022-11-18 00:00:00
openSUSE Security Update : mariadb (openSUSE-SU-2013:0014-1)
2014-06-13 00:00:00
mariadbunix
mariadbunix
CVE-2012-4414
2013-01-22 23:55:02
cvelist
cvelist
CVE-2012-4414
2013-01-22 23:00:00
cve
cve
CVE-2012-4414
2013-01-22 23:55:02
ubuntucve
ubuntucve
CVE-2012-4414
2013-01-22 00:00:00
nvd
nvd
CVE-2012-4414
2013-01-22 23:55:02
suse
suse
mariadb to 5.1.66 (important)
2013-01-23 14:06:17
mariadb to 5.2.13 (important)
2013-01-07 17:09:18
mysql-community-server: updated to 5.1.67 (important)
2013-01-23 14:05:08
openvas
openvas
SuSE Update for mariadb openSUSE-SU-2013:0011-1 (mariadb)
2013-03-11 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2013:0011-1)
2013-03-11 00:00:00
openSUSE: Security Advisory for mariadb (openSUSE-SU-2013:0014-1)
2013-03-11 00:00:00
freebsd
freebsd
mysql/mariadb/percona server -- multiple vulnerabilities
2012-12-01 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.7%

JSON
Related for MARIADB_BINARY_LOG_SQLI.NASL
prion1nessus12mariadbunix1cvelist1cve1ubuntucve1nvd1suse4openvas7freebsd1oracle1