mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
References
Link | Resource |
---|---|
https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618 | Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1160868 | Exploit Issue Tracking Third Party Advisory |
https://seclists.org/oss-sec/2020/q1/55 | Exploit Mailing List Third Party Advisory |
Configurations
Information
Published : 2020-02-04 09:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-7221
Mitre link : CVE-2020-7221
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
mariadb
- mariadb