MariaDB Named Pipe Permission Vulnerability (MDEV-24040) (Windows)

Information

Severity

Medium

Family

Databases

CVSSv2 Base

4.4

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

3 years ago

Modified

3 years ago

Summary

MariaDB is prone to a named pipe permission vulnerability.

Insight

With MariaDB running on Windows, when local clients connect to the server over named pipes, an unprivileged user who can run code on the server machine can intercept the named pipe connection and act as a man-in-the-middle. This gives that user access to all the data passed between the client and the server, and the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor.

Affected Software

MariaDB versions 10.1, 10.2, 10.3, 10.4 and 10.5.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Update to version 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7 or later.

Common Vulnerabilities and Exposures (CVE)