Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-12172

Опубликовано: 09 нояб. 2017
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

Отчет

Red Hat Enterprise Linux 6 and Satellite 5 are now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5postgresql94Affected
Red Hat Enterprise Linux 5postgresqlWill not fix
Red Hat Enterprise Linux 5postgresql84Will not fix
Red Hat Enterprise Linux 6postgresqlWill not fix
Red Hat Satellite 5rh-postgresql95-postgresqlAffected
Red Hat Enterprise Linux 7postgresqlFixedRHSA-2017:340208.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-postgresql94-postgresqlFixedRHSA-2017:340308.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-postgresql95-postgresqlFixedRHSA-2017:340408.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-postgresql96-postgresqlFixedRHSA-2017:340508.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-postgresql94-postgresqlFixedRHSA-2017:340308.12.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1498394postgresql: Start scripts permit database administrator to modify root-owned files

EPSS

Процентиль: 14%
0.00047
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-12172

CVSS3: 6.7
ubuntu
больше 7 лет назад

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

nvd логотип

CVE-2017-12172

CVSS3: 6.7
nvd
больше 7 лет назад

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

debian логотип

CVE-2017-12172

CVSS3: 6.7
debian
больше 7 лет назад

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, ...

github логотип

GHSA-r936-w9vp-c53q

CVSS3: 6.7
github
около 3 лет назад

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

fstec логотип

BDU:2019-03335

CVSS3: 6.7
fstec
больше 7 лет назад

Уязвимость системы управления базами данных PostgreSQL, связанная с возможностью работы под учетной записью операционной системы без полномочий root, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 14%
0.00047
Низкий

6.5 Medium

CVSS3