Описание
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
[Disputed] A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations.
Отчет
The MariaDB Foundation disputes this CVE, stating that it does not involve a privilege boundary being crossed.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.11/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.5/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb-devel:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb:10.11/mariadb | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitra ...
An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function.
Уязвимость библиотеки lib_mysqludf_sys.so системы управления базами данных MariaDB, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
5.5 Medium
CVSS3