|Summary:||CVE-2017-15365 mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks|
|Product:||[Other] Security Response||Reporter:||Sam Fowler <sfowler>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||apevec, chrisw, databases-maint, dciabrin, hhorak, jjoyce, jorton, jschluet, jstanek, kbasil, lhh, lpeer, markmc, mbayer, mburns, mmuzila, mschorm, praiskup, rbryant, sclewis, slinaber, srevivo, tdecacqu|
|Fixed In Version:||mariadb 10.2.10, mariadb 10.1.30||Doc Type:||If docs needed, set a value|
It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with SQL access to the server could possibly use this flaw to perform database modifications on certain cluster nodes without having the privileges to perform such changes.
|Last Closed:||2019-05-21 21:02:01 UTC||Type:||---|
|Bug Depends On:||1524767, 1524235, 1527365, 1558264, 1558265, 1701268|
Description Sam Fowler 2017-12-11 01:56:19 UTC
MariaDB have noted in their release notes that reserved CVE-2017-15365 has been fixed in version 10.2.10, however they have not described how or what the vulnerability was.

This CVE is also mentioned to affect Percona, with the fix described as:

"Added access checks for DDL commands to make sure they do not get replicated if they failed without proper permissions"

A comparison with the MariaDB 10.2.10 changelog and Percona description finds this commit, which seems a likely candidate for both describing and fixing the vulnerability. The vulnerable code block in sql/event_data_objects.cc is also present in version 10.1, suggesting that it is also affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
https://mariadb.com/kb/en/library/mariadb-10210-changelog/
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
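The ordering problem described above, as an added example that is not part of the original report and is not MariaDB source code: a simplified model in which a DDL statement is handed to replication before the ACL check, next to the corrected order. The `Node` and `Cluster` classes, the user names and the choice of `CREATE EVENT` as the sample statement are assumptions made for illustration.

```python
# Simplified model of the bug class described in this report; not MariaDB code.
# Node, Cluster, the users and the sample statement are constructed.

class AccessDenied(Exception):
    pass

class Node:
    def __init__(self, name):
        self.name = name
        self.events = set()              # stand-in for the node's schema objects

    def apply(self, ddl):
        # Peers apply replicated DDL as-is: they rely on the originating
        # node having authorised the statement already.
        self.events.add(ddl)

class Cluster:
    def __init__(self, names, grants):
        self.nodes = [Node(n) for n in names]
        self.grants = grants             # user -> set of privileges

    def _check_acl(self, user, privilege):
        if privilege not in self.grants.get(user, set()):
            raise AccessDenied(f"{user} lacks {privilege}")

    def create_event_vulnerable(self, user, ddl):
        local, *peers = self.nodes
        for peer in peers:               # replication happens first ...
            peer.apply(ddl)
        self._check_acl(user, "EVENT")   # ... so the denial comes too late
        local.apply(ddl)

    def create_event_fixed(self, user, ddl):
        local, *peers = self.nodes
        self._check_acl(user, "EVENT")   # deny before anything leaves the node
        for peer in peers:
            peer.apply(ddl)
        local.apply(ddl)

def nodes_changed_by_denied_ddl(method_name):
    """Run DDL as an unprivileged user; return names of nodes it altered."""
    grants = {"admin": {"EVENT"}, "guest": set()}
    cluster = Cluster(["node1", "node2", "node3"], grants)
    try:
        getattr(cluster, method_name)("guest", "CREATE EVENT e1")
    except AccessDenied:
        pass
    return [n.name for n in cluster.nodes if n.events]

if __name__ == "__main__":
    print("vulnerable:", nodes_changed_by_denied_ddl("create_event_vulnerable"))
    print("fixed:     ", nodes_changed_by_denied_ddl("create_event_fixed"))
```

In the vulnerable order the originating node reports the denial and stays unchanged while its peers diverge, which is why a regression check for this class of bug has to inspect every node rather than only the statement's return status.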
Comment 1 Sam Fowler 2017-12-11 01:57:06 UTC
Created mariadb tracking bugs for this issue: Affects: fedora-all [bug 1524235]
Comment 2 Sam Fowler 2017-12-12 01:50:04 UTC
Created mariadb tracking bugs for this issue: Affects: openstack-rdo [bug 1524767]
Comment 5 Michal Schorm 2018-02-08 03:36:52 UTC
Hi, upstream says on https://mariadb.com/kb/en/library/security/ that the issue has been fixed in both MariaDB 10.2.10 and MariaDB 10.1.30. There are no older versions present in Fedora. Can I just close the Fedora bug, or do we need a more complicated fix on the downstream side?
Comment 6 Michal Schorm 2018-02-08 03:39:12 UTC
Yeah, I'm so blind I can't even read my own notes. The Fedora bug was left open till 10.2.10 released in F27. I had long long troubles releasing that (and 10.2.12) update, and I forgot to add it to it as solved.
Comment 8 errata-xmlrpc 2019-05-21 19:54:31 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:1258