Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2020-7221
Description:mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
Test IDs: 1.3.6.1.4.1.25623.1.0.143482  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-7221
https://bugzilla.suse.com/show_bug.cgi?id=1160868
https://seclists.org/oss-sec/2020/q1/55




© 1998-2024 E-Soft Inc. All rights reserved.