{"containers": {"cna": {"affected": [{"product": "postgresql init script", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "all"}]}], "datePublic": "2018-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:3402", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"name": "RHSA-2017:3403", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"name": "RHSA-2017:3405", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"}, {"name": "1039983", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039983"}, {"name": "RHSA-2017:3404", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.051Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3402", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"name": "RHSA-2017:3403", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"name": "RHSA-2017:3405", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"}, {"name": "1039983", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039983"}, {"name": "RHSA-2017:3404", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15097", "datePublished": "2018-07-27T20:00:00", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-08-05T19:50:16.051Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."}, {"lang": "es", "value": "Se encontraron vulnerabilidades de escalado de privilegios en los scripts de inicializaci\u00f3n de Red Hat de PostgreSQL. Un atacante con acceso a la cuenta de usuario de postgres podr\u00eda usar estas vulnerabilidades para obtener acceso root en la m\u00e1quina del servidor."}], "id": "CVE-2017-15097", "lastModified": "2023-02-12T23:28:25.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-27T20:29:00.280", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039983"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3402"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3403"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3404"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3405"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:3402", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.23-3.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3403", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql94-postgresql-0:9.4.14-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3405", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.5-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhev_manager:4.2", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Virtualization Engine 4.2", "release_date": "2017-12-08T00:00:00Z"}, {"advisory": "RHSA-2017:3404", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "rh-postgresql95-postgresql-0:9.5.9-4.el7", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2017-12-08T00:00:00Z"}], "bugzilla": {"description": "postgresql: Start scripts permit database administrator to modify root-owned files", "id": "1508985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508985"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-59", "details": ["Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.", "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."], "name": "CVE-2017-15097", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Under investigation", "package_name": "rh-postgresql94-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Under investigation", "package_name": "rh-postgresql95-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Under investigation", "package_name": "postgresql92-postgresql", "product_name": "Red Hat Satellite 5"}], "public_date": "2017-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15097\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15097"], "statement": "Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}