Описание
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Ссылки
- Broken LinkIssue TrackingThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Broken LinkIssue TrackingThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
5.5 Medium
CVSS3
3.6 Low
CVSS2
Дефекты
Связанные уязвимости
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ...
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Уязвимость скриптов pg_ctlcluster, pg_createcluster и pg_upgradecluster из пакета postgresql-common система управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5.5 Medium
CVSS3
3.6 Low
CVSS2