CVE-2020-7221

Published: 2/4/2020 Last updated: 8/4/2024 Reserved: 1/17/2020

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-mariadb conf-mysql

Products affected (2)

Product	Vendor	Version
n/a	n/a	< c99769bceab4ecb6a067b9af11f9db281eea3e2a
n/a	n/a	< 5.15

References (12)

https://seclists.org/oss-sec/2020/q1/55
https://bugzilla.suse.com/show_bug.cgi?id=1160868
https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
https://seclists.org/oss-sec/2020/q1/55
https://bugzilla.suse.com/show_bug.cgi?id=1160868
https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
https://seclists.org/oss-sec/2020/q1/55
https://bugzilla.suse.com/show_bug.cgi?id=1160868
https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
https://seclists.org/oss-sec/2020/q1/55
https://bugzilla.suse.com/show_bug.cgi?id=1160868
https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618