ColumnStore Security Vulnerabilities
This page lists security vulnerabilities that have been fixed in, or still affect, MariaDB ColumnStore. Because MariaDB ColumnStore is based on MariaDB Server, it also links to the security vulnerabilities fixed in MariaDB Server.
Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.
In practice, this means that while testing the alpha version of ColumnStore, you should ensure that no one without proper authorization can access the hardware system, because there are known issues that can be used to gain access to the data.
About CVEs
CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available, free-to-use database of known software vulnerabilities maintained at https://cve.mitre.org/
Vulnerabilities fixed in MariaDB ColumnStore 1.0.2
The above were fixed in MariaDB ColumnStore 1.0.2 by updating the Net-SNMP libraries to 5.7.3.
Vulnerabilities affecting MariaDB ColumnStore 1.0.0 and 1.0.1
The first alpha versions of MariaDB ColumnStore, 1.0.0 and 1.0.1, include a few known vulnerabilities. As always, alpha versions of ColumnStore should never be used on production systems. MariaDB ColumnStore bundles an old version of Net-SNMP into the product. The version of Net-SNMP currently in use in ColumnStore is 5.2, which has a few known vulnerabilities:
CVEs fixed in MariaDB Server
MariaDB ColumnStore is based on MariaDB Server. For a full list of CVEs fixed in MariaDB Server, please refer to Security Vulnerabilities Fixed in MariaDB.