Recent news from Penetration Testing Company has disclosed that MariaDB has a vulnerability that could put data in jeopardy. It is an arbitrary file deletion vulnerability that was extremely simple to exploit, and it allows attackers to corrupt certain privileged files. Rack911 Labs released a public advisory on the subject on the 9th of November, 2020.
Made by the original developers of MySQL, MariaDB has become one of the most popular databases in the world. It is used by a few tech giants across the globe, including WordPress, Google & even Wikipedia. Though its journey started as an improved replacement for SQL, MariaDB has today become a preferred database, owing to its fast & scalable ecosystem. It has a number of storage engines, plugins & tools that help create a versatile experience for various use cases.
Update is the solution!
Updating the system might help you keep your data from falling prey to malevolent users as a result of the vulnerability. The company resolved the vulnerability & issued updates for the system on the 4th of November, nearly 10 days after the vulnerability was confirmed by the organization.
The vulnerability detected in MariaDB is an arbitrary file deletion flaw that gives ordinary, unprivileged attackers access to files. These unprivileged users can then corrupt or delete any files owned by a ‘MySQL’ user, including those in other databases. The use of insecure temporary files related to MyISAM/Aria operations is what led to this vulnerability.
In Rack911’s testing of MariaDB, most of the hosting control panels that used MariaDB were found to be vulnerable to this issue. Considering the ease of exploitation in this case, MariaDB has announced that its users should update their systems at the earliest.
MariaDB has worked exceptionally well to ensure the safety of data & patch the vulnerability as soon as possible. But this still puts the company’s image at risk. Users expect a global leader like MariaDB to keep their data secure, and news of an exposed vulnerability like this one calls the company’s image into question. The company built on its users’ trust by patching the vulnerability at the earliest. Soon after the vulnerability was reported, MariaDB released an update resolving it.