Incorrect Permission Assignment for Critical Resource

CVE-2017-15945

High

7.8/10

Summary

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory Timeline

Published Oct 27, 2017

Incorrect Permission Assignment for Critical Resource

CVE-2017-15945

Summary

CWE-732 - Incorrect Permission Assignment for Critical Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS