Multiple remote code execution flaws in SQLite (Magellan)


Overview

Multiple remote code execution flaws were reported in SQLite. An attacker who can execute arbitrary SQL statements against a SQLite database can trigger these flaws, which can result in execution of arbitrary code with the permissions of the user running the SQLite application. This set of vulnerabilities is also known as "Magellan".

These flaws do NOT affect the versions of the sqlite package shipped with Red Hat Enterprise Linux 5, 6 and 7.

Affected Products

Product                                    Package           Advisory/Update
Red Hat Enterprise Linux 6 Supplementary   chromium-browser  RHSA-2018:3803

Analysis

The attacker needs to be able to execute arbitrary SQL statements in order to corrupt the database and run arbitrary code as the user running the SQLite application. This is uncommon in applications; normally only administrative users are allowed to run SQL statements.

Chromium, however, exposes SQLite via WebSQL. This issue was addressed in Chromium 71.0.3578.80 via RHSA-2018:3803.
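A check for the Chromium fix described above, as an added example that is not part of the original advisory: it compares the installed chromium-browser RPM version against 71.0.3578.80 field by field. The function names and status labels are illustrative, and the package name is assumed to be chromium-browser as listed under Affected Products.

```shell
#!/bin/sh
# Added example (not Red Hat's code): report whether chromium-browser is at
# or above the fixed version named in this advisory.
FIXED_VERSION="71.0.3578.80"   # from the advisory text

# Return 0 if dotted version $1 >= $2, comparing each field numerically
# (so 3578.9 sorts below 3578.80, unlike a plain string comparison).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        fa="${fa:-0}"; fb="${fb:-0}"   # missing fields count as 0
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0   # all fields equal
}

# Print "fixed", "needs-update" or "unknown" (illustrative labels) for a
# version string such as the output of: rpm -q --qf '%{VERSION}' <package>
chromium_status() {
    case "$1" in
        ""|*[!0-9.]*) echo "unknown"; return 0 ;;   # reject non-numeric input
    esac
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# Query the local RPM database; does nothing harmful when rpm or the
# package is absent.
check_installed() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available"; return 0
    fi
    ver=$(rpm -q --qf '%{VERSION}' chromium-browser 2>/dev/null) || {
        echo "chromium-browser not installed"; return 0; }
    echo "chromium-browser $ver: $(chromium_status "$ver")"
}

check_installed
```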

Mozilla Firefox uses SQLite only to store internal profile information, browsing history, and other similar information and should not be exploitable remotely.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1659379
https://blade.tencent.com/magellan/index_en.html
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
