Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MariaDB 安全漏洞
Vulnerability Description
MariaDB是MariaDB基金会的一套免费开源的数据库管理系统,也是一个采用Maria存储引擎的MySQL分支版本。 MariaDB 10.4.7至10.4.11版本的mysql_install_db脚本中存在安全漏洞,该漏洞源于程序没有安全地执行chown和chmod。本地攻击者可利用该漏洞将mysql用户权限提升至root。
CVSS Information
N/A
Vulnerability Type
N/A