maria-discuss team mailing list archive

Thread
Date

Re: security scans: 5.5.5-10.0.19 should be 5.5.43-10.0.19

To: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Mon, 1 Jun 2015 15:17:39 +0200
Cc: Mailing-List mariadb <maria-discuss@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <556C257C.7080305@thelounge.net>
User-agent: Mutt/1.5.23 (2014-03-12)

Hi, Reindl!

On Jun 01, Reindl Harald wrote:
> [harry@rh:~]$ telnet localhost 3306
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> ]
> 5.5.5-10.0.19-MariaDB
> 
> the 5.5.5 srting leads in false positives for security scans and while i 
> reported that to OpenVAS the correct soultion would be updating the 
> 5.5.5 string to the latest 5.5x release instead "Fix" each scanner out there

Unfortunately, we cannot simply change the version to 5.5.43 (for
example), because the current implementation of this hack relies on the
fact that 5.5.5 did not support pluggable authentication.

So we'd need another way to detect the fake version.

The best solution would be for MySQL to fix its replication code not to
make any decisions based on the first digit of the server version.  But
even 5.7 can only replicate from version 3..., 4..., or 5.... Everything
else is "unknown version".

Regards,
Sergei

References

security scans: 5.5.5-10.0.19 should be 5.5.43-10.0.19
From: Reindl Harald, 2015-06-01