CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
mariadbmariadb
𝑥
< 10.0.30
mysqlmysql
𝑥
< 5.6.36
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.gentoo.org/630822
https://security.gentoo.org/glsa/201711-04
https://bugs.gentoo.org/630822
https://security.gentoo.org/glsa/201711-04