Vulnerability Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mariadb | Mariadb | >= 10.4.7, <= 10.4.11 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1160868ExploitIssue TrackingThird Party Advisory
- https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac4561Third Party Advisory
- https://seclists.org/oss-sec/2020/q1/55ExploitMailing ListThird Party Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1160868ExploitIssue TrackingThird Party Advisory
- https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac4561Third Party Advisory
- https://seclists.org/oss-sec/2020/q1/55ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2020-7221?
CVE-2020-7221 is a vulnerability with a CVSS score of 7.8 (HIGH). mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack o...
How severe is CVE-2020-7221?
CVE-2020-7221 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7221?
Check the references section above for vendor advisories and patch information. Affected products include: Mariadb Mariadb.