{"id":"CVE-2020-7221","details":"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.","aliases":["BIT-mariadb-2020-7221","BIT-mariadb-min-2020-7221","BIT-mysql-client-2020-7221"],"modified":"2026-01-31T16:17:14.397980Z","published":"2020-02-04T17:15:13.233Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","openSUSE-SU-2024:11038-1"],"references":[{"type":"ADVISORY","url":"https://bugzilla.suse.com/show_bug.cgi?id=1160868"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618"},{"type":"ADVISORY","url":"https://seclists.org/oss-sec/2020/q1/55"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1160868"},{"type":"ARTICLE","url":"https://seclists.org/oss-sec/2020/q1/55"},{"type":"EVIDENCE","url":"https://bugzilla.suse.com/show_bug.cgi?id=1160868"},{"type":"EVIDENCE","url":"https://seclists.org/oss-sec/2020/q1/55"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"fixed":"9d18b6246755472c8324bf3e20e234e08ac45618"}]}],"versions":["mariadb-10.0.11","mariadb-10.0.12","mariadb-10.0.13","mariadb-10.0.14","mariadb-10.0.15","mariadb-10.0.16","mariadb-10.0.17","mariadb-10.0.18","mariadb-10.0.19","mariadb-10.0.20","mariadb-10.0.21","mariadb-10.0.22","mariadb-10.0.23","mariadb-10.0.24","mariadb-10.0.25","mariadb-10.0.26","mariadb-10.0.27","mariadb-10.0.28","mariadb-10.0.29","mariadb-10.0.30","mariadb-10.0.31","mariadb-10.0.32","mariadb-10.0.33","mariadb-10.0.34","mariadb-10.0.35","mariadb-10.0.36","mariadb-10.0.37","mariadb-10.0.38","mariadb-10.1.0","mariadb-10.1.1","mariadb-10.1.10","mariadb-10.1.11","mariadb-10.1.12","mariadb-10.1.13","mariadb-10.1.14","mariadb-10.1.15","mariadb-10.1.16","mariadb-10.1.17","mariadb-10.1.18","mariadb-10.1.19","mariadb-10.1.2","mariadb-10.1.20","mariadb-10.1.21","mariadb-10.1.22","mariadb-10.1.23","mariadb-10.1.24","mariadb-10.1.25","mariadb-10.1.26","mariadb-10.1.27","mariadb-10.1.28","mariadb-10.1.29","mariadb-10.1.3","mariadb-10.1.30","mariadb-10.1.31","mariadb-10.1.32","mariadb-10.1.33","mariadb-10.1.34","mariadb-10.1.35","mariadb-10.1.36","mariadb-10.1.37","mariadb-10.1.38","mariadb-10.1.39","mariadb-10.1.4","mariadb-10.1.40","mariadb-10.1.41","mariadb-10.1.42","mariadb-10.1.43","mariadb-10.1.5","mariadb-10.1.6","mariadb-10.1.7","mariadb-10.1.8","mariadb-10.1.9","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.17","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.24","mariadb-10.2.25","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.3","mariadb-10.2.30","mariadb-10.2.4","mariadb-10.2.5","mariadb-10.2.6","mariadb-10.2.7","mariadb-10.2.8","mariadb-10.2.9","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.11","mariadb-10.3.12","mariadb-10.3.13","mariadb-10.3.14","mariadb-10.3.15","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.3","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.3.8","mariadb-10.3.9","mariadb-10.4.0","mariadb-10.4.1","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.2","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.6","mariadb-10.4.7","mariadb-10.4.8","mariadb-10.4.9","mariadb-5.5.37","mariadb-5.5.38","mariadb-5.5.39","mariadb-5.5.40","mariadb-5.5.41","mariadb-5.5.42","mariadb-5.5.43","mariadb-5.5.44","mariadb-5.5.45","mariadb-5.5.46","mariadb-5.5.47","mariadb-5.5.48","mariadb-5.5.49","mariadb-5.5.50","mariadb-5.5.51","mariadb-5.5.52","mariadb-5.5.53","mariadb-5.5.54","mariadb-5.5.55","mariadb-5.5.56","mariadb-5.5.57","mariadb-5.5.58","mariadb-5.5.59","mariadb-5.5.60","mariadb-5.5.61","mariadb-5.5.62","mariadb-5.5.63","mariadb-5.5.64","mariadb-5.5.65","mariadb-5.5.66","mariadb-galera-10.0.10","mariadb-galera-10.0.11","mariadb-galera-10.0.12","mariadb-galera-10.0.13","mariadb-galera-10.0.14","mariadb-galera-10.0.15","mariadb-galera-10.0.16","mariadb-galera-10.0.17","mariadb-galera-10.0.19","mariadb-galera-10.0.20","mariadb-galera-10.0.21","mariadb-galera-10.0.22","mariadb-galera-10.0.23","mariadb-galera-10.0.24","mariadb-galera-10.0.25","mariadb-galera-10.0.26","mariadb-galera-10.0.27","mariadb-galera-10.0.28","mariadb-galera-10.0.29","mariadb-galera-10.0.30","mariadb-galera-10.0.31","mariadb-galera-10.0.32","mariadb-galera-10.0.33","mariadb-galera-10.0.34","mariadb-galera-10.0.35","mariadb-galera-10.0.36","mariadb-galera-10.0.37","mariadb-galera-10.0.7","mariadb-galera-10.0.7a","mariadb-galera-5.5.25","mariadb-galera-5.5.28a","mariadb-galera-5.5.29","mariadb-galera-5.5.32","mariadb-galera-5.5.32a","mariadb-galera-5.5.34","mariadb-galera-5.5.35","mariadb-galera-5.5.36","mariadb-galera-5.5.36a","mariadb-galera-5.5.37","mariadb-galera-5.5.38","mariadb-galera-5.5.39","mariadb-galera-5.5.40","mariadb-galera-5.5.41","mariadb-galera-5.5.42","mariadb-galera-5.5.43","mariadb-galera-5.5.44","mariadb-galera-5.5.45","mariadb-galera-5.5.46","mariadb-galera-5.5.47","mariadb-galera-5.5.48","mariadb-galera-5.5.49","mariadb-galera-5.5.50","mariadb-galera-5.5.51","mariadb-galera-5.5.52","mariadb-galera-5.5.53","mariadb-galera-5.5.54","mariadb-galera-5.5.55","mariadb-galera-5.5.56","mariadb-galera-5.5.57","mariadb-galera-5.5.58","mariadb-galera-5.5.59","mariadb-galera-5.5.60","mariadb-galera-5.5.61","mariadb-galera-5.5.62","mysql-5.5.37","mysql-5.5.38","mysql-5.5.39","mysql-5.5.40","mysql-5.5.41","mysql-5.5.42","mysql-5.5.43","mysql-5.5.44","mysql-5.5.45","mysql-5.5.46","mysql-5.5.47","mysql-5.5.48","mysql-5.5.49","mysql-5.5.50","mysql-5.5.51","mysql-5.5.52","mysql-5.5.53","mysql-5.5.54","mysql-5.5.55","mysql-5.5.56","mysql-5.5.57","mysql-5.5.58","mysql-5.5.59","mysql-5.5.60","mysql-5.5.61","mysql-5.5.62","percona-xtradb-1.0.2-1","tokudb-7.1.0","tokudb-7.1.5","tokudb-7.1.5-rc.1","tokudb-7.1.5-rc.2","tokudb-7.1.5-rc.3","tokudb-7.1.5-rc.4","tokudb-ps-1","tokudb-ps-2","tokumx-1.0.0-rc.0","tokumx-1.0.0-rc.2","tokumx-1.0.0-rc.4","tokumx-1.0.0-rc.5","tokumx-1.0.0-rc.6","tokumx-1.0.2","tokumx-1.0.4","tokumx-1.0.4-rc.0","tokumx-1.0.4-rc.1","tokumx-1.0.4-rc.2","tokumx-1.1.0","tokumx-1.1.1","tokumx-1.1.1-rc.0","tokumx-1.2.0-rc.2","tokumx-1.3.0-rc.0","tokumx-1.3.0-rc.1","tokumx-1.4.0+hotfix.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7221.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}