Bug 1940909 (CVE-2021-27928)
Field | Value
---|---
Summary | CVE-2021-27928 mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
Product | [Other] Security Response
Reporter | Guilherme de Almeida Suckevicz <gsuckevi>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
CC | damien.ciabrini, databases-maint, dbecker, dciabrin, dmoppert, hhorak, jjoyce, jorton, jschluet, lhh, ljavorsk, lpeer, mbayer, mburns, mkocka, mmuzila, mschorm, sclewis, slinaber, SpikeFedora, tvainio
Keywords | Security
Hardware | All
OS | Linux
Fixed In Version | mariadb 10.2.37, mariadb 10.3.28, mariadb 10.4.18, mariadb 10.5.9
Doc Type | If docs needed, set a value
Doc Text | A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process.
Last Closed | 2021-03-30 17:35:09 UTC
Bug Depends On | 1940911, 1940912, 1940913, 1940914, 1941387, 1941417, 1941418, 1941419, 1941420, 1941421, 1941423, 1941424, 1941425, 1941426, 1941427, 1941428, 1941429, 1941430, 1941431, 1941501
Bug Blocks | 1940915
Description
Guilherme de Almeida Suckevicz
2021-03-19 14:28:33 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1940911]

Created mariadb:10.3/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1940912]

Created mariadb:10.4/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1940913]

Created mariadb:10.5/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1940914]

External References:

https://mariadb.com/kb/en/mariadb-10237-release-notes/
https://mariadb.com/kb/en/mariadb-10328-release-notes/
https://mariadb.com/kb/en/mariadb-10418-release-notes/
https://mariadb.com/kb/en/mariadb-1059-release-notes/

Not verified, but looks like the upstream commit for 10.5.9 is:
https://github.com/MariaDB/server/commit/ce3a2a688db556d8d077a409fd9bf5cc013d13dd

Mitigation:

Only users that have the SUPER privilege can exploit this flaw. To reduce your exposure, ensure user accounts with the SUPER privilege are protected with strong credentials, only allowed to connect locally and not shared with untrusted parties.

This issue has been addressed in the following products:

Red Hat OpenStack Platform 13.0 (Queens)
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2021:1039 https://access.redhat.com/errata/RHSA-2021:1039

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-27928

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:1241 https://access.redhat.com/errata/RHSA-2021:1241

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:1242 https://access.redhat.com/errata/RHSA-2021:1242

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:1240 https://access.redhat.com/errata/RHSA-2021:1240

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:2040 https://access.redhat.com/errata/RHSA-2021:2040
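The mitigation above asks administrators to confirm that accounts holding SUPER can only connect locally; the following audit queries, added here as an example and not part of the bug report or of MariaDB's own tooling, list the SUPER-privileged accounts and flag those whose Host entry permits remote connections (the local-host set is an assumption; extend it for any other loopback aliases you grant).

```sql
-- Audit accounts holding the SUPER privilege (mysql.user is a view over
-- mysql.global_priv on MariaDB 10.4+, so this works on all fixed series).
SELECT User, Host
FROM mysql.user
WHERE Super_priv = 'Y'
ORDER BY User, Host;

-- Subset that violates the "only allowed to connect locally" recommendation:
-- any Host that is not a loopback entry, including the '%' wildcard.
SELECT User, Host
FROM mysql.user
WHERE Super_priv = 'Y'
  AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- Confirm the running server is at or past the fixed release for its series
-- (10.2.37, 10.3.28, 10.4.18 or 10.5.9 per the Fixed In Version field).
SELECT VERSION();
```

Any row returned by the second query is an account that should be rehomed to a loopback Host or stripped of SUPER before the server is considered covered by the mitigation rather than by the errata fix.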