ColumnStore Security Vulnerabilities
This page is about security vulnerabilities that have been fixed for or still affect MariaDB ColumnStore. In addition links are included to fixed security vulnerabilities in MariaDB Server since MariaDB ColumnStore is based on MariaDB Server.
Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.
This first alpha version of MariaDB ColumnStore with version number 1.0.0, 1.0.1 and 1.0.2 includes a few known vulnerabilities, which will be fixed in upcoming releases. As always, alpha versions of columnstore should never be used on production systems.
What this means in practice is that while testing the alpha version of ColumnStore, you should ensure that no one without proper authorization can get access to the hardware system as there are known issues that can be used to get access to the data.
About CVEs
CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available and free to use database of known software vulnerabilities maintained at https://cve.mitre.org/
Vulnerabilities affecting MariaDB ColumnStore
MariaDB ColumnStore makes use of an old version of Net-SNMP that has been bundled into the product. The version currently in use of Net-SNMP in ColumnStore is 5.2, which has a few known vulnerabilities:
Once MariaDB ColumnStore gets updated to include a newer version of Net-SNMP these vulnerabilities will not affect MariaDB ColumnStore anymore.
CVEs fixed in MariaDB Server
MariaDB ColumnStore is based on MariaDB Server. For a full list of CVEs fixed in MariaDB Server please refer to Security Vulnerabilities Fixed in MariaDB.
