Vulnerability Details

MariaDB 10.4.7 - 10.4.11 Privilege Escalation Vulnerability (Linux)

Published: 2020-02-06 06:09:44
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Summary:
MariaDB is prone to a privilege escalation vulnerability.

Technical Details:
mysql_install_db in MariaDB allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool.

Detection Method:
Checks if a vulnerable version is present on the target host.

Affected Versions:
MariaDB versions 10.4.7 - 10.4.11.

Recommendations:
Update to version 10.4.12 or later.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2020-7221

References:

https://seclists.org/oss-sec/2020/q1/55

Severity:
Medium

CVSS Score:
6.8
