MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries by the CONNECT storage engine: a user-supplied string is used as a format specifier without proper validation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Previously tracked as ZDI-CAN-16193.
{ "binaries": [ { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "libmariadbd-dev" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "libmariadbd18" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-client" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-client-10.0" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-client-core-10.0" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-common" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-plugin-connect" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-plugin-mroonga" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-plugin-oqgraph" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-plugin-spider" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-plugin-tokudb" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-server" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-server-10.0" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-server-core-10.0" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-test" }, { "binary_version": "10.0.38-0ubuntu0.16.04.1", "binary_name": "mariadb-test-data" } ] }
{ "binaries": [ { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "libmariadbclient-dev" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "libmariadbclient-dev-compat" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "libmariadbclient18" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "libmariadbd-dev" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "libmariadbd18" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-client" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-client-10.1" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-client-core-10.1" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-common" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-connect" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-cracklib-password-check" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-client" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-server" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-mroonga" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-oqgraph" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-spider" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-tokudb" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-server" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-server-10.1" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-server-core-10.1" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", "binary_name": "mariadb-test" }, { "binary_version": "1:10.1.48-0ubuntu0.18.04.1", 
"binary_name": "mariadb-test-data" } ] }
{ "binaries": [ { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadb-dev" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadb-dev-compat" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadb3" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadbclient-dev" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadbd-dev" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "libmariadbd19" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-backup" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-client" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-client-10.3" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-client-core-10.3" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-common" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-connect" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-cracklib-password-check" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-gssapi-client" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-gssapi-server" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-mroonga" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-oqgraph" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-rocksdb" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-spider" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-plugin-tokudb" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-server" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": 
"mariadb-server-10.3" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-server-core-10.3" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-test" }, { "binary_version": "1:10.3.34-0ubuntu0.20.04.1", "binary_name": "mariadb-test-data" } ], "availability": "No subscription required" }