Vulnerability Description
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mariadb | Mariadb | < 10.0.30 |
| Mysql | Mysql | < 5.6.36 |
| Gentoo | Linux | - |
Related Weaknesses (CWE)
References
- https://bugs.gentoo.org/630822Issue TrackingThird Party Advisory
- https://security.gentoo.org/glsa/201711-04Issue TrackingThird Party Advisory
- https://bugs.gentoo.org/630822Issue TrackingThird Party Advisory
- https://security.gentoo.org/glsa/201711-04Issue TrackingThird Party Advisory
FAQ
What is CVE-2017-15945?
CVE-2017-15945 is a vulnerability with a CVSS score of 7.8 (HIGH). The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writabl...
How severe is CVE-2017-15945?
CVE-2017-15945 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15945?
Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb, Mysql Mysql, Gentoo Linux.