Summary
This host is running MariaDB and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to more easily gain access to a user's account via a brute-force attack.
Impact Level: Application
Solution
Upgrade to MariaDB version 5.2.14, 5.3.12, 5.5.29 or later, For updates refer to https://mariadb.org
Insight
Flaw that is triggered when a remote attacker attempts to login to a user's account via the COM_CHANGE_USER command. This command fails to properly disconnect the attacker from the server upon a failed login attempt.
Affected
MariaDB versions 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14
Detection
Get the installed version of MariaDB with the help of detect NVT and check it is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-5627 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities
- IBM DB2 db2pd Denial Of Service Vulnerability (Win)
- Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows)
- MySQL Unspecified vulnerabilities-03 July-2013 (Windows)
- IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux)
- Oracle MySQL Multiple Unspecified vulnerabilities - 03 May14 (Windows)