Asset identifier: MariaDB Server & Connectors - Denial of Service
Asset type: SOURCE_CODE
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: Program errors that an attacker can use to crash the server immediately and/or permanently corrupt its internal state or configuration, preventing the user from easily resuming the service and resulting in near-total or total loss of availability, are commonly known as Denial of Service (DoS) attacks. Besides the vulnerability classes listed in the RCE scope, where they do not lead to code execution but do crash the server or corrupt program state at run-time, further examples include:
* NULL pointer dereferences
* Concurrency issues such as race conditions leading to deadlocks or buffer underruns
* Resource and memory leaks leading to a DoS condition within a short period of time
Our source code is on [GitHub](https://github.com/MariaDB).
Integrity requirements: low
Max severity: medium
Asset identifier: MariaDB Server & Connectors - Access control bypass
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Any vulnerability leading to database authentication bypass, privilege escalation or another access control bypass is considered Critical and will be handled accordingly. Examples of security vulnerabilities that subvert access controls are:
* Authentication bypass (tricking the server into authenticating as any user without valid credentials)
* Vertical escalation of privilege (normal user gains administrative access)
* Horizontal escalation of privilege (normal user can view/modify databases of another user)
Our source code is on [GitHub](https://github.com/MariaDB).
Integrity requirements: high
Max severity: critical
Asset identifier: MariaDB Server & Connectors - Data corruption, exfiltration, disclosure
Asset type: SOURCE_CODE
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: Data corruption attacks that affect the integrity of the database without the authentication or privileges normally required are assigned a base risk of Medium; depending on the severity of the corruption and the affected data, this can be raised to Critical. Similarly, data exfiltration attacks that affect the confidentiality of the database without the authorization normally required, and attacks leading to disclosure of protected information without authentication or authorization, are considered Medium severity but can be elevated to Critical on a case-by-case basis.
Beyond the attacks classified elsewhere that lead to total control of the server and/or the underlying operating system, such as a buffer overflow with remote code execution, other examples of security vulnerabilities that lead to corruption and leakage are:
* overwriting configuration files or arbitrary files in the filesystem via SQL routines
* sensitive information leaks via unprotected log files
* path traversal leading to protected information disclosure
* information exposure via warning and error messages with superfluous verbosity
* cryptographic algorithm implementation and design errors
Our source code is on [GitHub](https://github.com/MariaDB).
Integrity requirements: low
Max severity: medium
Asset identifier: MariaDB Server & Connectors - Remote Code Execution
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Gaining unauthorized Remote Code Execution (RCE) on the server, a slave (replication, federated) or a client machine is considered a Critical vulnerability. Examples of bug classes that could potentially lead to such a vulnerability include:
* Stack based buffer overflows
* Heap based buffer overflows
* Format string errors
* Off by one errors
* Integer overflows, divide-by-zero and precision errors that lead to controllable memory corruption
* Dangling pointer, double free and use after free
While this list does not aim to be exhaustive, you have to prove that your report does lead to Remote Code Execution via known exploitation techniques, either directly or by chaining multiple previously undisclosed/unfixed vulnerabilities together. Otherwise the report is classified as denial of service (DoS).
Our source code is on [GitHub](https://github.com/MariaDB).
Integrity requirements: high
Max severity: critical
Asset identifier: mariadb.org
Asset type: URL
Availability requirement: low
Confidentiality requirement: low
Eligible for bounty:
Eligible for submissions: true
Instruction: Critical security issues in our website, support, development, testing and release infrastructure and web services that could potentially affect end users of MariaDB Server. Examples are server-side attack vectors that compromise the integrity of binary release distribution, or web attacks that could lead to serious compromise of our infrastructure, such as:
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* Server Side Request Forgery (SSRF)
* Remote Code Execution (RCE)
* Remote Command Injection (RCI)
* Remote File Inclusion (RFI)
* SQL Injection (SQLi)
Please refrain from full-blown penetration testing, automated scans and other activities that might lead to privacy violations, destruction of data, or interruption or degradation of our service. See the *Limited Scope* section of the Policy for details.
List of web sites covered by this asset:
* https://mariadb.org
* https://downloads.mariadb.org
* https://buildbot.mariadb.org