 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.145119 |
| Categoría: | Databases |
| Título: | MariaDB Named Pipe Permission Vulnerability (MDEV-24040) - Windows |
| Resumen: | MariaDB is prone to a named pipe permission vulnerability. |
| Descripción: | Summary: MariaDB is prone to a named pipe permission vulnerability. Vulnerability Insight: With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. Affected Software/OS: MariaDB versions 10.1, 10.2, 10.3, 10.4 and 10.5. Solution: Update to version 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7 or later. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-28912 https://hackerone.com/reports/1019891 https://jira.mariadb.org/browse/MDEV-24040 |
| Copyright | Copyright (C) 2021 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |