MariaDB – MyISAM/Aria Temporary Files Arbitrary File Delete Vulnerability

Product Description:

MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google.

MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. Originally designed as an enhanced, drop-in replacement for MySQL, MariaDB is used because it is fast, scalable and robust, and its rich ecosystem of storage engines, plugins and many other tools makes it very versatile for a wide variety of use cases.

Vulnerability Discussion:

MariaDB is vulnerable to an arbitrary file delete vulnerability that allows unprivileged users to corrupt and/or delete files owned by the ‘mysql’ user, including other users’ databases.

This vulnerability is caused by the insecure handling of temporary files used during MyISAM/Aria operations.

In our testing, most hosting control panels that use MariaDB are vulnerable to this exploit. It is incredibly easy to exploit and users are highly recommended to update as soon as possible.

Vendor Contact Timeline:

2020-08-23: Vendor contacted via email.
2020-08-24: Vendor confirms vulnerability.
2020-11-04: Vendor issues update(s) 10.5.7, 10.4.16, 10.3.26, 10.2.35, 10.1.48 resolving vulnerability.
2020-11-09: RACK911 Labs releases public advisory.
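The fixed releases in the timeline above are per-branch, so deciding whether a given server is patched means comparing its reported version against the minimum for its own 10.x branch. The following is an added example, not part of the RACK911 Labs advisory or of MariaDB itself; it encodes exactly the five fixed versions listed above and assumes that the version string to check is the output of SELECT VERSION() (or mysqld --version), e.g. '10.3.25-MariaDB-0+deb10u1'. The host names and version strings in the sample inventory are constructed.

```python
"""Classify MariaDB version strings against the MDEV-23569 fixed releases.

Example code added to the advisory; it is not RACK911 Labs' or MariaDB's
own tooling. FIXED_VERSIONS is taken from the advisory timeline; the
version-string format is an assumption based on typical SELECT VERSION()
output such as '10.3.25-MariaDB-0+deb10u1'.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First release of each branch that contains the fix, per the advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (10, 5): (10, 5, 7),
    (10, 4): (10, 4, 16),
    (10, 3): (10, 3, 26),
    (10, 2): (10, 2, 35),
    (10, 1): (10, 1, 48),
}

# Leading major.minor.patch; everything after (-MariaDB, distro suffix) is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string: str) -> Optional[Version]:
    """Return (major, minor, patch) from a VERSION() string, or None if unparseable."""
    match = _VERSION_RE.match(version_string.strip())
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def patch_status(version_string: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    'unknown' covers strings that do not parse and branches the advisory
    does not list (e.g. MySQL, or MariaDB branches outside 10.1-10.5).
    """
    version = parse_version(version_string)
    if version is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison is lexicographic, so (10, 3, 26) >= (10, 3, 26) and
    # (10, 3, 27) >= (10, 3, 26) are both True, while (10, 3, 25) is not.
    return "patched" if version >= fixed else "vulnerable"


def summarize(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group host names from a {host: version_string} inventory by patch status."""
    groups: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host in sorted(inventory):
        groups[patch_status(inventory[host])].append(host)
    return groups


# Constructed sample inventory, as a fleet audit script might collect it.
SAMPLE_INVENTORY = {
    "db-01.example": "10.3.25-MariaDB-0+deb10u1",
    "db-02.example": "10.3.27-MariaDB-0+deb10u1",
    "db-03.example": "10.5.7-MariaDB-1:10.5.7+maria~focal",
    "db-04.example": "10.1.47-MariaDB-0ubuntu0.18.04.1",
    "legacy.example": "5.5.68-MariaDB",
}

if __name__ == "__main__":
    for status, hosts in summarize(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

A version-only check has one known blind spot: some distributions backport security fixes without moving to the upstream version number, so a host reported as 'vulnerable' here should be confirmed against the distribution's own changelog before being treated as unpatched. Hosts reported as 'unknown' are on a branch the advisory does not cover and need to be checked separately.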

About Us:

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911

Reference(s):

https://jira.mariadb.org/browse/MDEV-23569

https://mariadb.com/kb/en/mariadb-1057-release-notes/

https://mariadb.com/kb/en/mariadb-10416-release-notes/

https://mariadb.com/kb/en/mariadb-10326-release-notes/

https://mariadb.com/kb/en/mariadb-10235-release-notes/

https://mariadb.com/kb/en/mariadb-10148-release-notes/