CVE-2020-7221
MariaDB Server vulnerability analysis and mitigation

Overview

CVE-2020-7221 affects MariaDB versions 10.4.7 through 10.4.11, specifically the mysql_install_db script. The vulnerability allows privilege escalation from the mysql user account to root due to unsafe execution of chown and chmod commands. This vulnerability was discovered on January 14, 2020, and was fixed in MariaDB 10.4.12, released on January 28, 2020. Notably, this vulnerability does not affect Oracle's MySQL product, which implements mysql_install_db differently (OSS Security).

Technical details

The vulnerability exists in the mysql_install_db script, where file permissions and ownership are set unsafely. Running as root, the script changes ownership of auth_pam_tool_dir to the mysql user with mode 0700 and then marks the auth_pam_tool binary inside it as setuid-root with mode 04755. These operations are executed unconditionally, without checking the current owner and mode of auth_pam_tool_dir or whether the path is a symlink (OSS Security).

Impact

If the mysql account is compromised, an attacker can exploit this vulnerability through a symlink attack or by placing an arbitrary binary at auth_pam_tool_dir/auth_pam_tool, which gains setuid-root privileges the next time mysql_install_db is run. This allows full privilege escalation from the mysql user account to root (OSS Security).

Mitigation and workarounds

The issue was fixed in MariaDB 10.4.12 by modifying the script so that the problematic commands are executed only when the --rpm command-line parameter is not passed. For Deb/RPM packaging, MariaDB suggests specific directory ownership and modes: root:mysql 0750 for auth_pam_tool_dir, which keeps the tool usable by the server while avoiding the dangerous situation of a setuid-root binary residing in a directory owned by an unprivileged user (GitHub Commit).
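The following shell script is an added example and is not the MariaDB project's mysql_install_db. It shows the check the advisory says the original step lacked (verifying owner and file type before granting setuid, and refusing symlinks), the post-fix root:mysql 0750 layout for the directory, and an audit function that flags the dangerous combination of a setuid binary inside a directory owned by a non-root user. The function names, the parameters, the default paths in the trailing comment, and the GNU/busybox `stat -c` syntax are assumptions; a real installation uses the paths mysql_install_db computes.

```shell
#!/bin/sh
# Added example, not MariaDB's mysql_install_db. Hardened version of the
# "chown dir to mysql, then chmod 04755 the binary" step described above.
set -u

# setuid_step_is_safe DIR BIN OWNER_UID
# Returns 0 only when DIR is a real directory and BIN a regular file, neither
# one a symlink, and both owned by OWNER_UID (0 = root in production).
# Any other state is the condition the vulnerability abused: a directory
# owned by mysql (or a symlink planted there) receiving a setuid-root binary.
setuid_step_is_safe() {
    dir="$1"; bin="$2"; want_uid="$3"
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then return 1; fi
    if [ -L "$bin" ] || [ ! -f "$bin" ]; then return 1; fi
    [ "$(stat -c %u "$dir")" = "$want_uid" ] || return 1
    [ "$(stat -c %u "$bin")" = "$want_uid" ] || return 1
    return 0
}

# install_pam_tool DIR BIN OWNER_UID GROUP
# Applies the packaging layout the page describes: directory OWNER_UID:GROUP
# with mode 0750 and the binary setuid (04755), but only after the safety
# check passes. Returns 1 and changes nothing when the check fails.
install_pam_tool() {
    dir="$1"; bin="$2"; want_uid="$3"; grp="$4"
    setuid_step_is_safe "$dir" "$bin" "$want_uid" || return 1
    chgrp "$grp" "$dir" || return 1
    chmod 0750 "$dir" || return 1
    chmod 04755 "$bin" || return 1
    return 0
}

# audit_pam_tool DIR BIN
# Detection view for an existing host: returns 1 (and warns on stderr) when
# BIN carries the setuid bit while DIR is owned by a non-root user, which is
# exactly the layout the 10.4.12 fix removes. Returns 0 otherwise.
audit_pam_tool() {
    dir="$1"; bin="$2"
    [ -u "$bin" ] || return 0                  # not setuid: nothing to flag
    dir_uid="$(stat -c %u "$dir")"
    [ "$dir_uid" = "0" ] && return 0           # root-owned directory: fine
    echo "WARN: setuid binary $bin lives in $dir owned by uid $dir_uid" >&2
    return 1
}

# Stand-alone usage with explicit arguments, e.g. (assumed paths, as root):
#   sh this.sh /var/lib/mysql/auth_pam_tool_dir \
#              /var/lib/mysql/auth_pam_tool_dir/auth_pam_tool 0 mysql
if [ $# -eq 4 ]; then
    install_pam_tool "$@"
fi
```

The safety check deliberately compares the owner of both the directory and the binary against the uid that is about to hold the setuid file, rather than only testing for existence, because a compromised mysql account controls everything beneath a mysql-owned directory.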

Community reactions

The vulnerability was initially reported privately to MariaDB's security team on January 14, 2020. The vendor confirmed the issue the same day and requested an embargo until the next release. While a technical discussion about the appropriate fix was attempted, it did not lead to a comprehensive solution. The fix was eventually included in MariaDB 10.4.12, released on January 28, 2020, though the reporter was not informed about the publication (OSS Security).

Additional resources


Related MariaDB Server vulnerabilities:

CVE ID          Severity  Score  Technologies    Component name                              CISA KEV exploit  Has fix  Published date
CVE-2025-13699  HIGH      7      MariaDB Server  mariadb-devel:10.3::mariadb-gssapi-server   No                Yes      Dec 23, 2025
CVE-2025-30722  MEDIUM    6.8    MySQL           rapidjson                                   No                Yes      Apr 15, 2025
CVE-2025-30693  MEDIUM    5.5    MySQL           mariadb-devel                               No                Yes      Apr 15, 2025
CVE-2023-52971  MEDIUM    4.9    MariaDB Server  mariadb-gssapi-server-debuginfo             No                Yes      Mar 08, 2025
CVE-2023-52970  MEDIUM    4.9    MariaDB Server  libmariadbd19                               No                Yes      Mar 08, 2025
