CVE-2017-3265
Public on 2017-01-27
Modified on 2017-05-19
Description
Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | mysql55 | 2017-05-19 | ALAS-2017-831 | Fixed |
| Amazon Linux 1 | mysql56 | 2017-05-18 | ALAS-2017-830 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.6 | CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H |
| NVD | CVSSv2 | 4.9 | AV:N/AC:M/Au:S/C:P/I:N/A:P |
| NVD | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H |