Remote Code Execution Vulnerability in PostgreSQL by Vendor PostgreSQL
CVE-2017-12172

6.7MEDIUM

Key Information:

Vendor
Red Hat
Status
Postgresql
Vendor
CVE Published:
22 November 2017

Summary

PostgreSQL versions 10.x prior to 10.1 and various 9.x versions are susceptible to a remote code execution vulnerability. The issue arises when PostgreSQL runs under a non-root operation account and database superusers are granted the ability to execute arbitrary code. This vulnerability is exploitative in nature, as attackers could potentially escalate their privileges to root level. The root of the problem lies in the handling of log file names, which database superusers may replace with symbolic links that the system executes as root upon starting the server. This configuration creates a loophole that can be abused, underscoring the importance of applying timely updates and utilizing stringent security practices.

Affected Version(s)

postgresql 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24

References

https://access.redhat.com/errata/RHSA-2017:3402
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/101949
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3403
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.