CVE-2014-7210

Published: Jun 26, 2025Modified: Aug 6, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.

Affected (2)

Products: Debian: Pdns, Debian Linux

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Pdns	Before 3.3.1-1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://lists.debian.org/debian-lts-announce/2016/05/msg00046.html

Source: security@debian.org

Mailing ListVendor Advisory

https://salsa.debian.org/debian/pdns/-/commit/f0de6b3583039bb63344fbd5eb246939264d7b05

Source: security@debian.org

Patch

Timeline

No history available yet.