
maria-discuss team mailing list archive

Re: security scans: 5.5.5-10.0.19 should be 5.5.43-10.0.19


Hi, Reindl!

On Jun 01, Reindl Harald wrote:
> [harry@rh:~]$ telnet localhost 3306
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> ]
> 5.5.5-10.0.19-MariaDB
> 
> the 5.5.5 string leads to false positives for security scans and while I 
> reported that to OpenVAS the correct solution would be updating the 
> 5.5.5 string to the latest 5.5.x release instead of "fixing" each scanner out there

Unfortunately, we cannot simply change the version to 5.5.43 (for
example), because the current implementation of this hack relies on the
fact that 5.5.5 did not support pluggable authentication.

So we'd need another way to detect the fake version.

The best solution would be for MySQL to fix its replication code not to
make any decisions based on the first digit of the server version.  But
even 5.7 can only replicate from version 3..., 4..., or 5.... Everything
else is "unknown version".

Regards,
Sergei
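An added illustration of the detection Sergei describes, not code from this thread, from MariaDB or from any scanner: parse the initial handshake packet the way a client library sees it, and treat the "5.5.5-" prefix as fake only when the server also advertises the CLIENT_PLUGIN_AUTH capability, which a real 5.5.5 could not do. The handshake layout follows the MySQL client/server protocol (protocol version 10); the packet bytes are constructed here rather than captured (the stray "]" in Reindl's telnet paste is consistent with the low byte of the 3-byte packet length, followed by the sequence byte and the protocol-version byte 0x0a, which telnet renders as a line break before the version string). Treating any version string without "MariaDB" in it as MySQL is an assumption of this example.

```python
import re
import struct

CLIENT_PLUGIN_AUTH = 1 << 19   # capability bit: server supports pluggable authentication
COMPAT_PREFIX = "5.5.5-"       # prefix MariaDB 10.x prepends so MySQL replication sees a "5"


def build_handshake(server_version, capabilities=0x81FFF7FF):
    """Constructed protocol-10 handshake; only the version and capability bits are
    meaningful, the connection id, salt and trailing fields are filler."""
    payload = (
        b"\x0a"                                    # protocol version 10
        + server_version.encode("ascii") + b"\x00" # null-terminated server version
        + struct.pack("<I", 42)                    # connection id (filler)
        + b"A" * 8 + b"\x00"                       # auth-plugin-data part 1 + filler byte
        + struct.pack("<H", capabilities & 0xFFFF) # capability flags, lower 16 bits
        + b"\x08"                                  # character set
        + b"\x02\x00"                              # status flags
        + struct.pack("<H", capabilities >> 16)    # capability flags, upper 16 bits
        + b"\x15"                                  # length of auth-plugin-data
        + b"\x00" * 10                             # reserved
        + b"B" * 12 + b"\x00"                      # auth-plugin-data part 2
        + b"mysql_native_password\x00"             # auth plugin name
    )
    # 3-byte little-endian payload length, 1-byte sequence id, then the payload
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


def parse_handshake(packet):
    """Return the server version string and the 32-bit capability flags."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length or payload[:1] != b"\x0a":
        raise ValueError("not a complete protocol-10 handshake")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii", "replace")
    fixed = payload[end + 1:]  # fixed-layout fields after the version string
    if len(fixed) < 20:
        raise ValueError("handshake truncated")
    cap_lower = struct.unpack_from("<H", fixed, 13)[0]
    cap_upper = struct.unpack_from("<H", fixed, 18)[0]
    return {"server_version": version, "capabilities": (cap_upper << 16) | cap_lower}


def classify(handshake):
    """Strip the replication-compat prefix only when the server proves it is newer
    than 5.5.5 by advertising pluggable authentication (the check Sergei describes)."""
    version = handshake["server_version"]
    plugin_auth = bool(handshake["capabilities"] & CLIENT_PLUGIN_AUTH)
    fake_prefix = version.startswith(COMPAT_PREFIX) and plugin_auth
    real = version[len(COMPAT_PREFIX):] if fake_prefix else version
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", real)
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    return {
        "advertised": version,
        "vendor": "MariaDB" if "MariaDB" in real else "MySQL",  # assumption, see lead-in
        "version": tuple(int(g) for g in m.groups()),
        "compat_prefix": fake_prefix,
    }


if __name__ == "__main__":
    for ver in ("5.5.5-10.0.19-MariaDB", "5.5.43-log"):
        print(classify(parse_handshake(build_handshake(ver))))
```

A scanner that only matches the leading digits of the version string reports the first sample as MySQL 5.5.5; the capability check recovers 10.0.19 (MariaDB) instead, while a genuine 5.5.43 string passes through unchanged. Dropping the CLIENT_PLUGIN_AUTH bit from the constructed packet makes the same "5.5.5-" string classify as 5.5.5, which is exactly why the prefix cannot simply be bumped to 5.5.43 as long as that is the detection method.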

