Overview
A network scan of the embedded MySQL in the ScaleArc appliance may reveal the presence of a vulnerability that allows remote attackers to read portions of memory via a username without a trailing null byte, causing a buffer over-read.
Information
This is a false positive reported by Nessus: ScaleArc responds with an "Access Denied" message, which is what Nessus looks for to conclude that this particular vulnerability is present. This is a very old vulnerability that affected versions up to MySQL 5.0 (available in RHEL 4), and ScaleArc 2021.1 is already on 5.5.
Additionally, mariadb and mariadb-libs, the packages used by ScaleArc, are tied to the 5.5.65 version present in CentOS 7.5, which means that if they are upgraded externally, a future ScaleArc upgrade could fail due to package prechecks.
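To record evidence for the false-positive determination, the version a MySQL-protocol listener announces can be read from its initial handshake packet and compared with the affected range stated above. This is an added example, not ScaleArc or Nessus code; the greeting bytes and banners are constructed, and it assumes the listener's greeting carries the embedded server's version string.

```python
import re
import struct

# Per the article: the flagged over-read affected MySQL versions up to 5.0.
LAST_AFFECTED = (5, 0)

def parse_greeting(packet: bytes) -> str:
    """Return the server version string from a MySQL handshake (v10) packet."""
    if len(packet) < 5:
        raise ValueError("too short for a MySQL packet header")
    # Header: 3-byte little-endian payload length, then 1-byte sequence id.
    length = struct.unpack("<I", packet[:3] + b"\x00")[0]
    payload = packet[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("empty or truncated payload")
    if payload[0] == 0xFF:
        raise ValueError("server sent an ERR packet instead of a greeting")
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.find(b"\x00", 1)  # version string is NUL-terminated
    if end == -1:
        raise ValueError("server version is not NUL-terminated")
    return payload[1:end].decode("ascii", "replace")

def in_affected_range(version: str) -> bool:
    """True if major.minor is at or below the last affected release line."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) <= LAST_AFFECTED

def sample_greeting(version: str) -> bytes:
    """Constructed greeting: protocol 10, version, connection id, filler."""
    payload = b"\x0a" + version.encode("ascii") + b"\x00" + b"\x01\x00\x00\x00" + b"\x00" * 8
    return struct.pack("<I", len(payload))[:3] + b"\x00" + payload

if __name__ == "__main__":
    for banner in ("5.5.65-MariaDB", "4.1.22"):  # constructed sample banners
        v = parse_greeting(sample_greeting(banner))
        print(v, "affected range" if in_affected_range(v) else "outside affected range")
```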