Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-27928

Related Vulnerabilities: CVE-2021-27928  

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Source

Description

The MITRE CVE dictionary describes this issue as:

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

Additional Information

  • Bugzilla 1940909: CVE-2021-27928 mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
  • CWE-426->CWE-78: Untrusted Search Path leads to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • FAQ: Frequently asked questions about CVE-2021-27928

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started