Описание
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.0.30 (исключая)Версия до 5.6.36 (исключая)
Одновременно
Одно из
cpe:2.3:a:mariadb:mariadb:*:r1:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:r1:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.0003
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
EPSS
Процентиль: 7%
0.0003
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732