MariaDB up to 10.5.5 mysql-wsrep wsrep_sst_method command injection

Summaryinfo

A vulnerability categorized as critical has been discovered in MariaDB up to 10.1.46/10.2.33/10.3.24/10.4.14/10.5.5. Affected is the function wsrep_sst_method of the component mysql-wsrep. Such manipulation leads to command injection. This vulnerability is listed as CVE-2020-15180. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in MariaDB up to 10.1.46/10.2.33/10.3.24/10.4.14/10.5.5 (Database Software). Affected by this issue is the function wsrep_sst_method of the component mysql-wsrep. The manipulation with an unknown input leads to a command injection vulnerability. Using CWE to declare the problem leads to CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability.

The weakness was presented 05/28/2021. The advisory is shared for download at bugzilla.redhat.com. This vulnerability is handled as CVE-2020-15180. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1202.

The vulnerability scanner Nessus provides a plugin with the ID 236704 (Alibaba Cloud Linux 3 : 0014: mariadb:10.3 (ALINUX3-SA-2021:0014)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 10.1.47, 10.2.34, 10.3.25, 10.4.15 or 10.5.6 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (236704). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Database Software

Name

• MariaDB

Version

• 10.1.0
• 10.1.1
• 10.1.2
• 10.1.3
• 10.1.4
• 10.1.5
• 10.1.6
• 10.1.7
• 10.1.8
• 10.1.9
• 10.1.10
• 10.1.11
• 10.1.12
• 10.1.13
• 10.1.14
• 10.1.15
• 10.1.16
• 10.1.17
• 10.1.18
• 10.1.19
• 10.1.20
• 10.1.21
• 10.1.22
• 10.1.23
• 10.1.24
• 10.1.25
• 10.1.26
• 10.1.27
• 10.1.28
• 10.1.29
• 10.1.30
• 10.1.31
• 10.1.32
• 10.1.33
• 10.1.34
• 10.1.35
• 10.1.36
• 10.1.37
• 10.1.38
• 10.1.39
• 10.1.40
• 10.1.41
• 10.1.42
• 10.1.43
• 10.1.44
• 10.1.45
• 10.1.46
• 10.2.0
• 10.2.1
• 10.2.2
• 10.2.3
• 10.2.4
• 10.2.5
• 10.2.6
• 10.2.7
• 10.2.8
• 10.2.9
• 10.2.10
• 10.2.11
• 10.2.12
• 10.2.13
• 10.2.14
• 10.2.15
• 10.2.16
• 10.2.17
• 10.2.18
• 10.2.19
• 10.2.20
• 10.2.21
• 10.2.22
• 10.2.23
• 10.2.24
• 10.2.25
• 10.2.26
• 10.2.27
• 10.2.28
• 10.2.29
• 10.2.30
• 10.2.31
• 10.2.32
• 10.2.33
• 10.3.0
• 10.3.1
• 10.3.2
• 10.3.3
• 10.3.4
• 10.3.5
• 10.3.6
• 10.3.7
• 10.3.8
• 10.3.9
• 10.3.10
• 10.3.11
• 10.3.12
• 10.3.13
• 10.3.14
• 10.3.15
• 10.3.16
• 10.3.17
• 10.3.18
• 10.3.19
• 10.3.20
• 10.3.21
• 10.3.22
• 10.3.23
• 10.3.24
• 10.4.0
• 10.4.1
• 10.4.2
• 10.4.3
• 10.4.4
• 10.4.5
• 10.4.6
• 10.4.7
• 10.4.8
• 10.4.9
• 10.4.10
• 10.4.11
• 10.4.12
• 10.4.13
• 10.4.14
• 10.5.0
• 10.5.1
• 10.5.2
• 10.5.3
• 10.5.4
• 10.5.5

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion