The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
References
Link | Resource |
---|---|
https://bugs.gentoo.org/630822 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/201711-04 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-10-27 21:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-15945
Mitre link : CVE-2017-15945
CVE.ORG link : CVE-2017-15945
JSON object : View
Products Affected
mariadb
- mariadb
mysql
- mysql
gentoo
- linux
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource