CVE-2017-15365

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
References
Link Resource
https://access.redhat.com/errata/RHSA-2019:1258
https://bugzilla.redhat.com/show_bug.cgi?id=1524234 Issue Tracking Third Party Advisory
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ Release Notes Vendor Advisory
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ Release Notes Vendor Advisory
https://www.debian.org/security/2018/dsa-4341
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ Release Notes Vendor Advisory
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html Release Notes Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1258
https://bugzilla.redhat.com/show_bug.cgi?id=1524234 Issue Tracking Third Party Advisory
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ Release Notes Vendor Advisory
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ Release Notes Vendor Advisory
https://www.debian.org/security/2018/dsa-4341
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ Release Notes Vendor Advisory
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:14

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2019:1258 - () https://access.redhat.com/errata/RHSA-2019:1258 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1524234 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1524234 - Issue Tracking, Third Party Advisory
References () https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e - Patch, Third Party Advisory () https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e - Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ -
References () https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ - Release Notes, Vendor Advisory () https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ - Release Notes, Vendor Advisory
References () https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ - Release Notes, Vendor Advisory () https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ - Release Notes, Vendor Advisory
References () https://www.debian.org/security/2018/dsa-4341 - () https://www.debian.org/security/2018/dsa-4341 -
References () https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ - Release Notes, Vendor Advisory () https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ - Release Notes, Vendor Advisory
References () https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html - Release Notes, Vendor Advisory () https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html - Release Notes, Vendor Advisory

Information

Published : 2018-01-25 16:29

Updated : 2024-11-21 03:14


NVD link : CVE-2017-15365

Mitre link : CVE-2017-15365

CVE.ORG link : CVE-2017-15365


JSON object : View

Products Affected

percona

  • xtradb_cluster

fedoraproject

  • fedora

mariadb

  • mariadb