user/mariadb: CVE-2020-7221: symlink attack
Bugzilla ID | 238 |
Alias(es) | CVE-2020-7221 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-02-24 23:13:31 -0600 |
Modified | 2020-03-03 08:09:11 -0600 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-7221 |
Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege
escalation from the mysql user account to root because chown and chmod
are performed unsafely, as demonstrated by a symlink attack on a chmod
04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect
the Oracle MySQL product, which implements mysql_install_db
differently.
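The class of bug described above (a privileged chmod by path that follows a symlink), next to a descriptor-based form that refuses symlinks, as an added example that is not code from MariaDB or from the Adélie fix. The helper names and the ownership policy (the privileged caller must own both the directory and the file) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Path-based form: chmod(2) resolves symlinks, so the mode lands on
 * whatever the name points to at the moment of the call. */
int unsafe_chmod(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened form (hypothetical helper). Pins the directory and the file
 * as descriptors, refuses symlinks, checks ownership on the descriptor,
 * then changes the mode of the object that was checked.
 * Returns 0 on success, -1 on any refusal or error. */
int safe_chmod_in_dir(const char *dir, const char *name,
                      uid_t owner, mode_t mode)
{
    struct stat st;
    int rc = -1, fd = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;                      /* missing, not a dir, or a symlink */
    if (fstat(dfd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)))
        goto out;                       /* someone else can swap entries */
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        goto out;                       /* ELOOP when name is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner)
        goto out;
    rc = fchmod(fd, mode);              /* acts on the inode just checked */
out:
    if (fd >= 0)
        close(fd);
    close(dfd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s DIR NAME\n", argv[0]); return 2; }
    /* Assumed policy: caller owns both objects; mode taken from the advisory. */
    return safe_chmod_in_dir(argv[1], argv[2], geteuid(), 04755) ? 1 : 0;
}
```

O_NOFOLLOW only covers the final path component, so the parent directories of DIR must themselves be writable only by trusted users.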