Multiple remote code execution flaws in sqlite (Magellan)
Table of Contents
Overview
Multiple remote code execution flaws were reported in SQLite. Attackers can trigger this flaw by executing arbitrary SQL statements on SQLite database and can result in execution of arbitrary code with the permissions of the user running the SQLite application. This vulnerability is also known as "Magellan".
This flaw does NOT affect the version of sqlite package shipped with the Red Hat Enterprise Linux 5, 6 and 7.
Affected Products
| Product | Package | Advisory/Update |
|---|---|---|
| Red Hat Enterprise Linux 6 Supplementary | chromium-browser | RHSA-2018:3803 |
Analysis
The attacker needs to be able to execute arbitrary SQL statements in order to corrupt the databases and run arbitrary code as the user running SQLite applications. This is uncommon in applications; normally only administrative users are allowed to run SQL statements.
Chromium however exposes SQLite via WebSQL. This issue was address by Chromium 71.0.3578.80 via RHSA-2018:3803
Mozilla Firefox uses SQLite only to store internal profile information, browsing history, and other similar information and should not be exploitable remotely.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1659379
https://blade.tencent.com/magellan/index_en.html
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Comments