A vulnerability, which was classified as critical, was found in MariaDB 10.4.7/10.4.8/10.4.9/10.4.10/10.4.11 (Database Software). Affected is an unknown functionality. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.

The weakness was disclosed 02/04/2020 (GitHub Repository). The advisory is available at github.com. This vulnerability is traded as CVE-2020-7221 since 01/17/2020. Local access is required to approach this attack. The successful exploitation needs a authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-203102, VDB-203103, VDB-203104 and VDB-203105 are pretty similar.

Productinfo

Type

• Database Software

Name

• MariaDB

Version

• 10.4.7
• 10.4.8
• 10.4.9
• 10.4.10
• 10.4.11

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion