Local Privilege Escalation in Gentoo MySQL and MariaDB Products
CVE-2017-15945

7.8HIGH

Key Information:

Vendor: Mariadb
Status: Mariadb; Mysql
Vendor: CVE Published:; 27 October 2017

What is CVE-2017-15945?

The installation scripts in various Gentoo database packages, including MySQL and MariaDB, are affected by a vulnerability that allows local users to gain elevated privileges. Specifically, these scripts contain insecure calls to 'chown' on user-writable directory trees. This can be exploited by a local user with access to the MySQL account, enabling them to create symbolic links that may lead to unauthorized access to sensitive resources. It is crucial for administrators to apply relevant patches to mitigate this risk.

References

https://bugs.gentoo.org/630822

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201711-04

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2017
Vulnerability Reserved
Oct 27, 2017

Mariadb

What is CVE-2017-15945?

References

CVSS V3.1

Timeline