CVE-2021-27928

Summary

CVE	CVE-2021-27928
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-03-19 03:15:00 UTC
Updated	2022-05-03 16:04:00 UTC
Description	A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Galeracluster	Wsrep	All	All	All	All
Application	Mariadb	Mariadb	All	All	All	All
Application	Percona	Percona Server	All	All	All	All

References

Reference	Source	Link	Tags
MariaDB 10.4.18 Release Notes - MariaDB Knowledge Base	MISC	mariadb.com
MariaDB 10.2.37 Release Notes - MariaDB Knowledge Base	MISC	mariadb.com
Security Vulnerabilities Fixed in MariaDB - MariaDB Knowledge Base	MISC	mariadb.com
MariaDB: Multiple vulnerabilities (GLSA 202105-28) — Gentoo security	GENTOO	security.gentoo.org
MariaDB 10.5.9 Release Notes - MariaDB Knowledge Base	MISC	mariadb.com
[SECURITY] [DLA 2605-1] mariadb-10.1 security update	MLIST	lists.debian.org
MariaDB 10.3.28 Release Notes - MariaDB Knowledge Base	MISC	mariadb.com
MariaDB 10.2 Command Execution ≈ Packet Storm	MISC	packetstormsecurity.com
[MDEV-25179] wsrep_provider and wsrep_notify_cmd system variables are writable - Jira	MISC	jira.mariadb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159164 Oracle Enterprise Linux Security Update for mariadb:10.3 and mariadb-devel:10.3 (ELSA-2021-1242)
159165 Oracle Enterprise Linux Security Update for mariadb:10.3 and mariadb-devel:10.3 (ELSA-2021-1242)
178500 Debian Security Update for mariadb-10.1 (DLA 2605-1)
179856 Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-27928)
239178 Red Hat Update for mariadb (RHSA-2021:1039)
239243 Red Hat Update for mariadb:10.3 and mariadb-devel:10.3 (RHSA-2021:1242)
239244 Red Hat Update for mariadb:10.3 and mariadb-devel:10.3 (RHSA-2021:1241)
239245 Red Hat Update for mariadb:10.3 and mariadb-devel:10.3 (RHSA-2021:1240)
239274 Red Hat Update for rh-mariadb103-mariadb and rh-mariadb103-galera (RHSA-2021:2040)
356194 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-001
375486 MariaDB Multiple Security Vulnerabilities
377122 Alibaba Cloud Linux Security Update for mariadb:10.3 and mariadb-devel:10.3 (ALINUX3-SA-2021:0030)
500385 Alpine Linux Security Update for mariadb
501437 Alpine Linux Security Update for mariadb
504145 Alpine Linux Security Update for mariadb
671608 EulerOS Security Update for mariadb (EulerOS-SA-2022-1575)
710089 Gentoo Linux MariaDB Multiple vulnerabilities (GLSA 202105-28)
750915 OpenSUSE Security Update for mariadb (openSUSE-SU-2021:2605-1)
750919 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2021:2617-1)
750927 OpenSUSE Security Update for mariadb (openSUSE-SU-2021:2617-1)
750931 OpenSUSE Security Update for mariadb (openSUSE-SU-2021:2616-1)
750934 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2021:2634-1)
900121 CBL-Mariner Linux Security Update for mariadb 10.3.17
903130 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (4012)
940224 AlmaLinux Security Update for mariadb:10.3 and mariadb-devel:10.3 (ALSA-2021:1242)
960422 Rocky Linux Security Update for mariadb:10.3 and mariadb-devel:10.3 (RLSA-2021:1242)