CVE-2020-7221

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-7221
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7221.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7221
Aliases
Downstream
Related
Published
2020-02-04T17:15:13.233Z
Modified
2026-03-10T23:22:02.338581Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product, which implements mysqlinstall_db differently.

References

Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Introduced
9a78a283f4ee7e8ccc4afb1d8a24c662fa4c634b
Last affected
7c2c420b70b19cc02b5281127205e876f3919dad
Fixed
9d18b6246755472c8324bf3e20e234e08ac45618
Database specific 
{
    "versions": [
        {
            "introduced": "10.4.7"
        },
        {
            "last_affected": "10.4.11"
        }
    ]
}

Affected versions

mariadb-10.*
mariadb-10.1.41
mariadb-10.1.42
mariadb-10.1.43
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.30
mariadb-10.3.18
mariadb-10.3.19
mariadb-10.3.20
mariadb-10.3.21
mariadb-10.4.10
mariadb-10.4.11
mariadb-10.4.7
mariadb-10.4.8
mariadb-10.4.9
mariadb-5.*
mariadb-5.5.66

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7221.json"