Check: MADB-10-012600
MariaDB Enterprise 10.x STIG:
MADB-10-012600
(in versions v1 r3 through v1 r2)
Title
MariaDB products must be a version supported by the vendor. (Cat I impact)
Discussion
Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.
Check Content
Review the version and release information. Verify the MariaDB Enterprise Server version via one of the following methods: MariaDB> SELECT VERSION(); # mariadb --version Verify the version is supported per the MariaDB support policy: https://mariadb.com/engineering-policies/ If the installed version of MariaDB is not supported by the vendor, this is a finding.
Fix Text
Remove or decommission all unsupported software products. Upgrade MariaDB Enterprise to a supported version of the product.
Additional Identifiers
Rule ID: SV-253778r944387_rule
Vulnerability ID: V-253778
Group Title: SRG-APP-000456-DB-000400
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002605 |
The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
| CCI-003376 |
The organization replaces information system components when support for the components is no longer available from the developer, vendor, or manufacturer. |