CVE-2017-15945

Published: Oct 27, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

Affected (2)

Products: Mariadb: Mariadb · Mysql: Mysql

1 product

1 product

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mariadb Mariadb	Before 10.0.30
Mysql Mysql	Before 5.6.36

Running on/with	Platform Versions
Gentoo Linux	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://bugs.gentoo.org/630822

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201711-04

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://bugs.gentoo.org/630822

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201711-04

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.