CVE-2014-7210
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-08-06
Assigner: Debian GNU/Linux
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| debian | pdns | to 3.3.1-1 (exc) |
| debian | debian_linux | 7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in CVE-2014-7210 affects the pdns package with the MySQL backend on Debian systems before version 3.3.1-1. The issue is that the maintainer scripts for pdns-backend-mysql grant overly broad database permissions to the pdns MySQL user, giving it more privileges than necessary. This excessive permission could lead to security risks. Other backends of pdns are not affected by this vulnerability. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing the pdns MySQL user to have excessive database permissions, which could be exploited to perform unauthorized actions on the database. This could lead to potential data exposure, modification, or other malicious activities within the database managed by pdns. If you are running pdns with the MySQL backend, this could compromise the security of your database. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the database permissions granted to the pdns MySQL user. Specifically, look for overly broad GRANT statements assigned to the pdns user in your MySQL database. To do this, you can run MySQL commands such as: SHOW GRANTS FOR 'pdns'@'localhost'; This will display the permissions currently granted to the pdns user. If you see excessive privileges beyond what is necessary for pdns operation, your system may be affected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the pdns package to a fixed version that removes the excessive permissions (at least version 3.1-4.1+deb7u1 or later). Additionally, since the excessive database grants are not automatically removed by the upgrade, you should manually remove these permissions by following the instructions in the file /usr/share/doc/pdns-backend-mysql/NEWS.Debian.gz. This will ensure that the pdns MySQL user has only the necessary privileges. Consulting Debian LTS security advisories and applying recommended updates is also advised. [1]