Am 01.06.2015 um 10:48 schrieb Michael Meyer:
*** Reindl Harald wrote:
Medium (CVSS: 4.0)
NVT: MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation
Security Bypass Vuln... (OID: 1.3.6.1.4.1.25623.1.0.804037)

Solution
Upgrade to MariaDB version 5.2.14, 5.3.12, 5.5.29 or later, For
updates refer to https://mariadb.org

uhm, there is running 10.0.19..........

____________________________________

Medium (CVSS: 5.0)
NVT: MariaDB Denial Of Service Vulnerability (Windows) (OID:
1.3.6.1.4.1.25623.1.0.804035)

Solution
Upgrade to MariaDB 5.1.68, 5.2.15, 5.3.13, 5.5.30 or later, For
updates refer to https://mariadb.org

uhm, there is running 10.0.19 on *Linux*

Which version was detected by '1.3.6.1.4.1.25623.1.0.100152'?

Product detection result: cpe:/a:mariadb:mariadb:5.5.5- by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)

you just need to handle the version in the greeting correct, the 5.5- versioning is for clients with no idea about mariadb at all

[harry@rh:~]$ telnet localhost 3306
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
]
5.5.5-10.0.19-MariaDB

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to