Candidate: CVE-2020-28912
PublicDate: 2020-12-24 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28912
 https://jira.mariadb.org/browse/MDEV-24040
 https://github.com/MariaDB/server/commit/3829b408d6
Description:
 With MariaDB running on Windows, when local clients connect to the server
 over named pipes, it's possible for an unprivileged user with an ability to
 run code on the server machine to intercept the named pipe connection and
 act as a man-in-the-middle, gaining access to all the data passed between
 the client and the server, and getting the ability to run SQL commands on
 behalf of the connected user. This occurs because of an incorrect security
 descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before
 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before
 10.5.7. NOTE: this issue exists because certain details of the MariaDB
 CVE-2019-2503 fix did not comprehensively address attack variants against
 MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912
 does NOT apply to other vendors that were originally affected by
 CVE-2019-2503.
Ubuntu-Description:
Notes:
 seth-arnold> This issue appears to be Windows-specific
Mitigation:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]


Patches_mariadb-10.5:
upstream_mariadb-10.5: not-affected (debian: Only affects MariaDB on Windows)
precise/esm_mariadb-10.5: DNE
trusty_mariadb-10.5: ignored (out of standard support)
trusty/esm_mariadb-10.5: DNE
xenial_mariadb-10.5: DNE
bionic_mariadb-10.5: DNE
focal_mariadb-10.5: DNE
groovy_mariadb-10.5: DNE
devel_mariadb-10.5: DNE

Patches_mariadb-10.3:
upstream_mariadb-10.3: not-affected (debian: Only affects MariaDB on Windows)
precise/esm_mariadb-10.3: DNE
trusty_mariadb-10.3: ignored (out of standard support)
trusty/esm_mariadb-10.3: DNE
xenial_mariadb-10.3: DNE
bionic_mariadb-10.3: DNE
focal_mariadb-10.3: not-affected
groovy_mariadb-10.3: not-affected
devel_mariadb-10.3: not-affected

Patches_mariadb-10.1:
upstream_mariadb-10.1: not-affected (debian: Only affects MariaDB on Windows)
precise/esm_mariadb-10.1: DNE
trusty_mariadb-10.1: ignored (out of standard support)
trusty/esm_mariadb-10.1: DNE
xenial_mariadb-10.1: DNE
bionic_mariadb-10.1: not-affected
focal_mariadb-10.1: DNE
groovy_mariadb-10.1: DNE
devel_mariadb-10.1: DNE