CVE-2017-12172
MEDIUM
6,7
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 91 Days)
59
Improper Link Resolution Before File Access ('Link Following')
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Other
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Bypass Protection Mechanism
Execute Unauthorized Code Or Commands
Applicable Platforms
Operating Systems:
Windows, Unix
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.18:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.22:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.13:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Postgresql by Postgresql
CPE Identifier
View Detailed Analysis
cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/errata/RHSA-2017:3402
https://access.redhat.com/errata/RHSA-2017:3403
https://access.redhat.com/errata/RHSA-2017:3404
https://access.redhat.com/errata/RHSA-2017:3405
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/support/security/
http://www.securityfocus.com/bid/101949
http://www.securitytracker.com/id/1039752
https://access.redhat.com/errata/RHSA-2017:3402
https://access.redhat.com/errata/RHSA-2017:3403
https://access.redhat.com/errata/RHSA-2017:3404
https://access.redhat.com/errata/RHSA-2017:3405
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/support/security/
http://www.securityfocus.com/bid/101949
http://www.securitytracker.com/id/1039752