Vulnerability Details CVE-2020-7221
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://bugzilla.suse.com/show_bug.cgi?id=1160868
- https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
- https://seclists.org/oss-sec/2020/q1/55
- https://bugzilla.suse.com/show_bug.cgi?id=1160868
- https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
- https://seclists.org/oss-sec/2020/q1/55
Products affected by CVE-2020-7221
-
cpe:2.3:a:mariadb:mariadb:10.4.10
-
cpe:2.3:a:mariadb:mariadb:10.4.11
-
cpe:2.3:a:mariadb:mariadb:10.4.7
-
cpe:2.3:a:mariadb:mariadb:10.4.8
-
cpe:2.3:a:mariadb:mariadb:10.4.9