Bug 1072167 - (CVE-2017-15365) VUL-0: CVE-2017-15365: mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
(CVE-2017-15365)
VUL-0: CVE-2017-15365: mariadb: Replication in sql/event_data_objects.cc occu...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/196405/
CVSSv3:RedHat:CVE-2017-15365:4.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-11 13:20 UTC by Johannes Segitz
Modified: 2020-01-31 15:06 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-12-11 13:20:17 UTC
RH disected the MariaDB release notes:

rh#1524234

MariaDB have noted in their release notes that reserved CVE-2017-15365 has been fixed in version 10.2.10[1], however they have not described how or what the vulnerability was. This CVE is also mentioned to affect Percona[2] with the fix is described as:

"Added access checks for DDL commands to make sure they do not get replicated if they failed without proper permissions"

A comparison with the MariaDB 10.2.10 changelog[3] and Percona description finds this commit[4], which seems a likely candidate for both describing and fixing the vulnerability.
The vulnerable code block in sql/event_data_objects.cc is also present in version 10.1, suggesting that it is also affected.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
[1] https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
[2] https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
[3] https://mariadb.com/kb/en/library/mariadb-10210-changelog/
[4] https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
Comment 1 Kristyna Streitova 2017-12-12 15:23:37 UTC
@MariaDB Engineering: Can you please confirm if other MariaDB series apart from 10.2 are or are not affected by CVE-2017-15365? Thank you in advance.
Comment 2 MariaDB Engineering 2017-12-12 18:48:54 UTC
10.1 is affected too, will be fixed in 10.1.30

Note that it's mostly a theoretical issue that can be potentially exploited only in rather artificial conditions.
Comment 7 Swamp Workflow Management 2019-06-06 22:11:15 UTC
SUSE-SU-2019:1441-1: An update that solves 24 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1013882,1064113,1064114,1072167,1101676,1101677,1101678,1103342,1112368,1112377,1112384,1112386,1112391,1112397,1112404,1112415,1112417,1112421,1112432,1112767,1116686,1118754,1120041,1122198,1122475,1127027
CVE References: CVE-2016-9843,CVE-2017-10320,CVE-2017-10365,CVE-2017-15365,CVE-2018-2759,CVE-2018-2777,CVE-2018-2786,CVE-2018-2810,CVE-2018-3058,CVE-2018-3060,CVE-2018-3063,CVE-2018-3064,CVE-2018-3066,CVE-2018-3143,CVE-2018-3156,CVE-2018-3162,CVE-2018-3173,CVE-2018-3174,CVE-2018-3185,CVE-2018-3200,CVE-2018-3251,CVE-2018-3277,CVE-2018-3282,CVE-2018-3284
Sources used:
SUSE OpenStack Cloud 7 (src):    mariadb-10.2.22-10.1, mariadb-connector-c-3.0.7-1.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Marcus Meissner 2020-01-31 15:06:14 UTC
released