CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://bugs.gentoo.org/630822
https://security.gentoo.org/glsa/201711-04
https://bugs.gentoo.org/630822
https://security.gentoo.org/glsa/201711-04

Products affected by CVE-2017-15945

Mariadb » Mariadb » Version: Any

cpe:2.3:a:mariadb:mariadb:*
Mysql » Mysql » Version: Any

cpe:2.3:a:mysql:mysql:*
Gentoo » Linux » Version: N/A

cpe:2.3:o:gentoo:linux:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-15945

Products

Pricing

Contact Us