Описание
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
A privilege escalation vulnerability was found in MariaDB, in the way it handled a setuid program during the installation process. A local MySQL user could abuse this flaw to escalate their privileges on the system, by gaining root privileges once the bash script mysql_install_db.sh is executed.
Отчет
This flaw did not affect the versions of MariaDB as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include the vulnerable code, which was introduced in a newer version of the package. The same is true for the versions of MariaDB as shipped with Red Hat Software Collections 3.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | mariadb | Not affected | ||
| Red Hat Software Collections | rh-mariadb102 | Not affected | ||
| Red Hat Software Collections | rh-mariadb103 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
Уязвимость функции mysql_install_db системы управления базами данных MariaDB, связанная с некорректным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3