CVE-2019-18901: 
MariaDB Server vulnerability analysis and mitigation

A UNIX Symbolic Link (Symlink) Following vulnerability (CVE-2019-18901) was discovered in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The vulnerability allows local attackers to change the permissions of arbitrary files to 0640. This issue affects SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1 and SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1 (NVD).

The vulnerability exists in SUSE's specific mysql-systemd-helper script which unsafely operates on the path /var/lib/mysql/mysql_upgrade_info. The script performs echo and chmod operations on this file as root, while the /var/lib/mysql directory is owned by the mysql user. This creates a race condition that can be exploited through a symlink attack (SUSE Bug). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) by NIST NVD (NVD).

The vulnerability allows local attackers to modify file permissions of arbitrary files to 0640. While the chmod operation doesn't make files world-readable, it still presents a security risk as it allows unauthorized permission modifications (SUSE Bug).

The vulnerability has been fixed in SUSE Linux Enterprise Server 12 mariadb version 10.2.31-3.25.1 and SUSE Linux Enterprise Server 15 mariadb version 10.2.31-3.26.1. Users should upgrade to these or later versions. The fix involves either creating the mysql_upgrade_info file in a safe location owned by root or ensuring it's created by the user that owns the /var/lib/mysql directory (OpenSUSE Update).