vulnerability
SUSE: CVE-2020-7221: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 4, 2020 | Feb 4, 2022 | Feb 4, 2022 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 4, 2020
Added
Feb 4, 2022
Modified
Feb 4, 2022
Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
Solutions
suse-upgrade-libmariadbd-develsuse-upgrade-libmariadbd19suse-upgrade-mariadbsuse-upgrade-mariadb-clientsuse-upgrade-mariadb-errormessagessuse-upgrade-mariadb-tools
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.