Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | mysql55 | 2017-05-19 00:27 | ALAS-2017-831 |
Amazon Linux 1 | mysql56 | 2017-05-18 22:01 | ALAS-2017-830 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.6 | CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H |
NVD | CVSSv2 | 4.9 | AV:N/AC:M/Au:S/C:P/I:N/A:P |
NVD | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H |