CVE-2020-7221

HIGH

MariaDB 10.4.7 through 10.4.11 - Symlink Following in mysql_install_db


Description

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely: the script, running as root, applies them to paths inside a directory the mysql user already controls, so a symlink planted there is followed. This is demonstrated by a symlink attack on the chmod 04755 of auth_pam_tool_dir/auth_pam_tool, which sets the setuid-root bit on whatever file the link points at. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
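The mechanism above, as an added example that is not MariaDB's own mysql_install_db code: a root-style chmod on a path under an attacker-writable directory lands on the symlink's target, while a version that refuses symlinks leaves it alone. The names victim, auth_pam_tool_dir and the functions unsafe_chmod, safe_chmod, mode_of and demo are constructed for this illustration. It runs unprivileged in a temporary directory and uses mode 0644 in place of 04755 so no setuid bit is ever set.

```shell
#!/bin/sh
# Added example (not MariaDB code): why "chmod MODE dir/tool" is unsafe when
# "dir" is writable by an untrusted user, and a check that refuses symlinks.
set -eu

# unsafe_chmod: the pattern the advisory describes. chmod(1) calls chmod(2),
# which follows symlinks, so the mode is applied to the link target.
unsafe_chmod() {
    chmod "$1" "$2"
}

# safe_chmod: apply the mode only to a regular file that is not a symlink.
# Returns 1 and changes nothing when the check fails.
safe_chmod() {
    mode=$1; path=$2
    if [ -L "$path" ]; then
        echo "refusing to chmod symlink: $path" >&2
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "refusing, not a regular file: $path" >&2
        return 1
    fi
    chmod "$mode" "$path"
}

# mode_of: permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# demo: build the scenario, run both variants, print the target's mode after
# each. Expected: "644 600" (unsafe variant changed the target, safe one did not).
demo() {
    work=$(mktemp -d)
    # "victim" stands in for a root-owned binary such as /bin/sh (constructed).
    victim=$work/victim
    : > "$victim"
    chmod 600 "$victim"
    # attacker-controlled directory standing in for auth_pam_tool_dir (constructed).
    tooldir=$work/auth_pam_tool_dir
    mkdir "$tooldir"
    ln -s "$victim" "$tooldir/auth_pam_tool"

    unsafe_chmod 644 "$tooldir/auth_pam_tool"
    after_unsafe=$(mode_of "$victim")      # 644: the mode followed the link

    chmod 600 "$victim"
    if safe_chmod 644 "$tooldir/auth_pam_tool" 2>/dev/null; then :; fi
    after_safe=$(mode_of "$victim")        # 600: untouched

    rm -rf "$work"
    echo "$after_unsafe $after_safe"
}
```

Two caveats for anyone porting the check: a test-then-chmod sequence in shell is still a TOCTOU race against a local attacker who can swap the link between the two calls, so the durable fix is to set ownership and mode before the directory is handed to the unprivileged user (or to do it in C with open(O_NOFOLLOW) and fchmod on the descriptor); and every directory component of the path must also be outside the attacker's control, since a symlinked parent directory defeats the [ -L ] test on the leaf.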

References

https://seclists.org/oss-sec/2020/q1/55 (Exploit, Mailing List, Third Party Advisory)
https://bugzilla.suse.com/show_bug.cgi?id=1160868 (Exploit, Issue Tracking, Third Party Advisory)

Scores

CVSS v3 7.8 (HIGH)
CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector LOCAL
EPSS 0.0027 (percentile 50.3%)

Details

CWE CWE-59 (Improper Link Resolution Before File Access, "Link Following")
Status published
Products (1)
mariadb/mariadb 10.4.7 - 10.4.11
Published Feb 04, 2020
Tracked Since Feb 18, 2026