Type: Arbitrary File Delete (CWE-59)
Vulnerable Version: All versions prior to fixed versions.
Fixed Version: 10.5.7, 10.4.16, 10.3.26, 10.2.35, 10.1.48
CVE Number: *PENDING*
Found By: RACK911 Labs
MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google.
MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. Originally designed as an enhanced, drop-in replacement for MySQL, MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools that make it very versatile for a wide variety of use cases.
MariaDB is vulnerable to an arbitrary file delete vulnerability that allows unprivileged users to corrupt and/or delete files owned by the 'mysql' user, including other users' databases.
This vulnerability is caused by the use of insecure temporary files in MyISAM/Aria operations.
In our testing, most hosting control panels that use MariaDB are vulnerable to this exploit. It is incredibly easy to exploit and users are highly recommended to update as soon as possible.
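Because the fix shipped as a point release in each supported 10.x series, the quickest remediation check is to compare the running server's version against the fixed releases listed above. The following script is an added example written for this advisory, not code from RACK911 Labs or from the MariaDB project; it assumes the version string is taken from `SELECT VERSION()` or `mysqld --version` and takes the fixed-release numbers from the list at the top of this page.

```python
"""Check a MariaDB version string against the fixed releases in this advisory."""
import re

# Fixed releases from the advisory, keyed by (major, minor) series.
FIXED_VERSIONS = {
    (10, 5): 7,
    (10, 4): 16,
    (10, 3): 26,
    (10, 2): 35,
    (10, 1): 48,
}

# First numeric triple anywhere in the string, so both the bare VERSION()
# output ('10.4.13-MariaDB-log') and the CLI banner ('mysqld  Ver 10.4.13-...')
# are accepted.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string):
    """Return (major, minor, patch) from a MariaDB version string.

    Raises ValueError if no numeric triple is present.
    """
    m = _VERSION_RE.search(version_string)
    if not m:
        raise ValueError("unrecognised version string: %r" % version_string)
    return tuple(int(x) for x in m.groups())


def assess(version_string):
    """Classify a server as 'patched', 'vulnerable' or 'not covered'."""
    major, minor, patch = parse_version(version_string)
    series = (major, minor)
    if series in FIXED_VERSIONS:
        return "patched" if patch >= FIXED_VERSIONS[series] else "vulnerable"
    if series < min(FIXED_VERSIONS):
        # The advisory states that all versions prior to the fixed versions are
        # affected, and it lists no fixed release for series older than 10.1.
        return "vulnerable"
    # Series newer than 10.5 are not mentioned in the advisory.
    return "not covered"


if __name__ == "__main__":
    import sys

    # Constructed sample inputs used when no arguments are given; in practice
    # pass the output of `mysql -N -e "SELECT VERSION()"` on each host.
    samples = sys.argv[1:] or [
        "10.4.13-MariaDB-log",
        "10.5.7-MariaDB-1:10.5.7+maria~focal",
        "10.0.38-MariaDB",
        "mysqld  Ver 10.3.25-MariaDB for Linux",
    ]
    for s in samples:
        print("%-45s %s" % (s, assess(s)))
```

One caveat when reading the result: some distributions backport security fixes without bumping the upstream version number, so a "vulnerable" verdict from the version string alone should be confirmed against the distribution's own package changelog before treating the host as unpatched.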
Vendor Contact Timeline:
2020-08-23: Vendor contacted via email.
2020-08-24: Vendor confirms vulnerability.
2020-11-04: Vendor issues update(s) resolving vulnerability.
2020-11-09: RACK911 Labs releases public advisory.
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119