V-253718
MariaDB Enterprise 10.x Security Technical Implementation Guide
Title
MariaDB must provide logout functionality to allow the user to manually terminate a session initiated by that user.
Description
If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Such logout may be explicit or implicit. Examples of explicit logout are clicking on a Log Out link or button in the application window, or clicking the Windows Start button and selecting Log Out or Shut Down. Examples of implicit logout are closing the application's (main) window and powering off the workstation without invoking the OS shut...
Fix Text (Documentation Requirement)
As an authorized user, locate the session to be terminated and terminate that session. To locate and terminate a session, follow these steps:

1. Connect to the MariaDB database using an authorized user:

    mariadb -u admin_user -p

2. At the MariaDB prompt run either of the following commands:

    MariaDB> SHOW PROCESSLIST;
    MariaDB> SELECT id, user, host, db, command, time, state, info, progress FROM information_schema.processlist;

3. Identify the session to be terminated and issue KILL with the process number from the display. (**This will kill the session.**) Example:

    MariaDB> KILL 192;

4. A KILL QUERY with the process number from the display can be issued. (**This will kill the active query but leave the session active for run-away queries.**)

Configure MariaDB to automatically terminate a ...
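
The lookup in steps 2 to 4, narrowed to the other sessions opened under the logged-in user name, as an added example that is not part of the STIG text. The 600-second idle threshold, the 80-character truncation and the column aliases are assumptions chosen for illustration.

```sql
-- Added example (not STIG text). Run at the MariaDB prompt from step 1.
-- Assumption: the 600-second idle threshold is illustrative only.

-- The id of the connection you are typing in. Passing this id to KILL
-- ends your own current session.
SELECT CONNECTION_ID() AS my_session_id;

-- Other sessions opened under the same user name, longest-running first,
-- with the statement from step 3 or step 4 prepared for review.
SELECT p.id,
       p.user,
       p.host,
       p.db,
       p.command,
       p.time            AS seconds_in_state,
       p.state,
       LEFT(p.info, 80)  AS statement_head,
       CASE
         -- Idle for a long time: terminate the whole session (step 3).
         WHEN p.command = 'Sleep' AND p.time >= 600
           THEN CONCAT('KILL ', p.id, ';')
         -- Executing a statement: stop it but keep the session (step 4).
         WHEN p.command <> 'Sleep'
           THEN CONCAT('KILL QUERY ', p.id, ';')
         -- Recently idle: no action suggested.
         ELSE NULL
       END               AS suggested_statement
FROM information_schema.processlist AS p
WHERE p.user = SUBSTRING_INDEX(USER(), '@', 1)   -- user part of user@host
  AND p.id <> CONNECTION_ID()                    -- skip the current session
ORDER BY p.time DESC;
```

An account without the PROCESS privilege sees only its own threads in this view. Review each suggested statement against the host and db columns before running it.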