Ubuntu: (CVE-2020-7221): mariadb-10.0 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 4, 2020 | Jun 26, 2025 | Mar 27, 2026 |
Description
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.
Solution
no-fix-ubuntu-package
References
- CVE-2020-7221
- https://attackerkb.com/topics/CVE-2020-7221
- CWE-59
- EUVD-EUVD-2020-28350
- https://bugzilla.suse.com/show_bug.cgi?id=1160868
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-28350
- https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618
- https://seclists.org/oss-sec/2020/q1/55
- https://www.cve.org/CVERecord?id=CVE-2020-7221