CVE-2017-15097

Опубликовано: 07 дек. 2017

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

Отчет

Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
CloudForms Management Engine 5	rh-postgresql94-postgresql	Under investigation
CloudForms Management Engine 5	rh-postgresql95-postgresql	Under investigation
Red Hat Enterprise Linux 5	postgresql	Will not fix
Red Hat Enterprise Linux 5	postgresql84	Will not fix
Red Hat Enterprise Linux 6	postgresql	Will not fix
Red Hat Satellite 5	postgresql92-postgresql	Under investigation
Red Hat Enterprise Linux 7	postgresql	Fixed	RHSA-2017:3402	08.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-postgresql94-postgresql	Fixed	RHSA-2017:3403	08.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-postgresql95-postgresql	Fixed	RHSA-2017:3404	08.12.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-postgresql96-postgresql	Fixed	RHSA-2017:3405	08.12.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-59

https://bugzilla.redhat.com/show_bug.cgi?id=1508985postgresql: Start scripts permit database administrator to modify root-owned files

EPSS

Процентиль: 8%

0.00034

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-15097

CVSS3: 6.5

nvd

почти 7 лет назад

GHSA-4fwh-62fj-p4ww

CVSS3: 6.7

github

около 3 лет назад

ELSA-2017-3402

oracle-oval

больше 7 лет назад