{"id":"CVE-2020-7221","details":"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.","aliases":["BIT-mariadb-2020-7221","BIT-mariadb-min-2020-7221","BIT-mysql-client-2020-7221"],"modified":"2026-03-14T10:34:26.866241Z","published":"2020-02-04T17:15:13.233Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","openSUSE-SU-2024:11038-1"],"references":[{"type":"ADVISORY","url":"https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1160868"},{"type":"EVIDENCE","url":"https://seclists.org/oss-sec/2020/q1/55"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"9a78a283f4ee7e8ccc4afb1d8a24c662fa4c634b"},{"last_affected":"7c2c420b70b19cc02b5281127205e876f3919dad"},{"fixed":"9d18b6246755472c8324bf3e20e234e08ac45618"}],"database_specific":{"versions":[{"introduced":"10.4.7"},{"last_affected":"10.4.11"}]}}],"versions":["mariadb-10.1.41","mariadb-10.1.42","mariadb-10.1.43","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.30","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.7","mariadb-10.4.8","mariadb-10.4.9","mariadb-5.5.66"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7221.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}