{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24"}]}], "datePublic": "2017-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:3402", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"name": "101949", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101949"}, {"name": "RHSA-2017:3403", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"name": "RHSA-2017:3405", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"tags": ["x_refsource_MISC"], "url": "https://www.postgresql.org/support/security/"}, {"name": "1039752", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039752"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.postgresql.org/about/news/1801/"}, {"name": "RHSA-2017:3404", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-11-09T00:00:00", "ID": "CVE-2017-12172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:3402", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"name": "101949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101949"}, {"name": "RHSA-2017:3403", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"name": "RHSA-2017:3405", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"name": "https://www.postgresql.org/support/security/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/"}, {"name": "1039752", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039752"}, {"name": "https://www.postgresql.org/about/news/1801/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1801/"}, {"name": "RHSA-2017:3404", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3404"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.655Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3402", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"name": "101949", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101949"}, {"name": "RHSA-2017:3403", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"name": "RHSA-2017:3405", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.postgresql.org/support/security/"}, {"name": "1039752", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039752"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.postgresql.org/about/news/1801/"}, {"name": "RHSA-2017:3404", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12172", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-09-16T22:20:22.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B41009E-4028-4D82-B8D0-8B949EDC0A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "832F3EBE-A92C-4FB3-BF3C-0E7B750F966B", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "1571EE80-55A6-4F91-909B-C46BA19EC76F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "2848E3BC-293A-4A75-BEB7-C2F1637AD3E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "ADC9133E-94FC-4199-BD69-BBB46CF3799F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "200172CE-40AB-49E3-93D1-9947E3CBFFF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E90B21A9-19A7-4DCB-A2FE-C558CCB6BBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "924D1F84-EC50-44C3-A156-DC8E3A5E3909", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "4A5EAF3B-B148-4B57-8E4E-0B5365003DFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "D5CE8DB4-CD97-4F60-9080-9FB093BD60CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "9B5AA780-4378-4959-9256-510C65E6E5B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "74C9EB31-5D8E-4583-BC95-700F53854964", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "3700FF66-108C-47C2-B4C2-1CB0B5575EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "239F26B4-CFB2-4D7A-939E-0215A336A490", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "1C32070D-D751-4D3E-9457-5B1D1C551E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "BADABD34-25A1-46D3-AEFB-249E912A723A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "C53E81C9-5693-4929-BC19-DEBAEF686E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "52B92B02-44DD-40D4-94F7-A3EE4621D854", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "24DF332B-0391-410E-9F92-DAE1329E0031", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "3D9D0339-16F8-4E26-87B5-2543E860B77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B890251-95EB-44F3-A6A7-F718F3C807B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2E5BD02-8C3D-4687-88DE-1C00366270E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "709F5DF9-9F3A-42C3-890B-521B13118C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "14D85A34-C897-4E52-8F97-18CA51C5461A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A40DAD2B-A6D4-43D8-B282-A3C672356D6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC2FE391-9414-480E-A9B1-CF70280E315E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "55B6A4ED-FA3B-4251-BF82-755F95277CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C7142DF3-124D-43D7-ADD9-70F4F7298557", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "28DEA438-A0ED-49DC-AE51-4E9D8D4B6E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "810B184F-6FB8-48D8-A569-F47BA43C4862", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "064BF155-7E2D-47B9-BD2B-C6E9FC06F5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "676A81BD-7EEE-4770-B9AC-451B09844D6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "30F23D38-BDD6-48E6-A6B2-29CD962EED99", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "89833234-3890-4E2E-8FCF-09925D83ED67", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B8F3ACC3-CB15-47E3-A511-E1D1F75E797F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "0F6FD785-7C9F-4302-B7ED-93CA04473ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "EC1BA72C-3A6E-450B-A3DE-3898DEAA9225", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "8FB6018C-3FC5-4D4E-BA7C-07C0A3B47976", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "12EC8B10-6556-4235-B3DC-C47C13675894", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "8CE02C19-1FFE-474F-8098-D6A09A34667E", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "77D1323D-3096-4D0F-823A-ECAC9017646D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A587AF3-5E70-4455-8621-DFD048207DE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "526AFF26-B3EC-41C3-AC4C-85BFA3F99AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "89D2CAB7-C3D9-4F21-B902-2E498D00EFEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "88797795-8B1C-455F-8C52-6169B2E47D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBDE0CC8-F1DF-4723-8FCB-9A33EA8B12D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "90F13667-019B-49DF-929C-3D376FCDE6E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "B9E20AA3-C0D3-492C-AF3B-9F61550E6983", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "251C78CA-EEC0-49A8-A3D2-3C86D16CCB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "AB443A75-2466-4164-A71B-9203933CB0D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "B02839D4-EE7D-4D42-8934-322E46B643D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1BAE807-A21F-4980-B64E-911F5E9B16BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "46ED9A2E-8169-4470-AE61-54829B11BDAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "EA755AFD-C904-4CDE-9B28-D7E5C4AAA550", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "F8B5D56C-5F3D-455E-82C3-B661E7809AED", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2C15A86-9ED9-492E-877B-86963DAA761A", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EF74623-EF0E-455D-ADEB-9E336B539D86", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FACD7AB7-34E9-4DFC-A788-7B9BF745D780", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8E8AEBB-9968-458D-8EE4-2725BBE1A53F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "7ECC17E6-C5FF-4B63-807A-26E5E6932C5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DB72357-B16D-488A-995C-2703CCEC1D8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B9671475-BC67-436F-B2B1-5128347B3C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EC098A3-1989-4AA5-B8D5-E061A618519D", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "D2ABACB8-F4B0-4635-8FC7-4B0F5B723241", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "7040466B-2A7D-4E75-8E4F-FA70D4A7E014", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "44887DE9-506B-46E3-922C-7B3C14B0AF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1250F15-7A05-452A-8958-3B1B32B326E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A18FEF31-B528-46A8-AAA8-63B30D5A10EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A35D61BD-50A7-4ACF-BA62-8F56C0740DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "546FEA34-A6D9-47C4-A5B2-F492E1457F09", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:10:*:*:*:*:*:*:*", "matchCriteriaId": "0D02ADF5-706F-42B7-B88A-8BC6DEC8DC4A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."}, {"lang": "es", "value": "PostgreSQL, en versiones 10.x anteriores a la 10.1; versiones 9.6.x anteriores a la 9.6.6; versiones 9.5.x anteriores a la 9.5.10; versiones 9.4.x anteriores a la 9.4.15, versiones 9.3.x anteriores a la 9.3.20 y versiones 9.2.x anteriores a la 9.2.24, se ejecuta en una cuenta del sistema operativo no root. Los superusuarios de la base de datos pueden ejecutar c\u00f3digo arbitrario bajo esa cuenta del sistema. PostgreSQL proporciona un script para iniciar el servidor de la base de datos durante el arranque del sistema. Los paquetes de PostgreSQL para muchos sistemas operativos proporcionan sus propias implementaciones de inicio creadas por el empaquetador. Varias implementaciones emplean un nombre de archivo de registro que el superusuario de la base de datos puede remplazar por un enlace simb\u00f3lico. Como root, pueden utilizar open(), chmod() y/o chown() para este nombre de archivo de registro. Esto suele ser suficiente para que el superusuario de la base de datos escale sus privilegios a root cuando el root inicia el servidor."}], "id": "CVE-2017-12172", "lastModified": "2019-10-09T23:22:24.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-22T19:29:00.223", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101949"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039752"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1801/"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://www.postgresql.org/support/security/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:3402", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.23-3.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhev_manager:4.2", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Virtualization Engine 4.2", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2017-12-08T00:00:00Z"}], "bugzilla": {"description": "postgresql: Start scripts permit database administrator to modify root-owned files", "id": "1498394", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498394"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-59", "details": ["PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.", "Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."], "name": "CVE-2017-12172", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "impact": "low", "package_name": "postgresql94", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Affected", "impact": "low", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Satellite 5"}], "public_date": "2017-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12172\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12172\nhttps://www.postgresql.org/about/news/1801/"], "statement": "Red Hat Enterprise Linux 6 and Satellite 5 are now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate", "upstream_fix": "postgresql 9.2.24, postgresql 9.3.20, postgresql 9.4.15, postgresql 9.5.10, postgresql 9.6.6, postgresql 10.1"}