CVE-2017-12172

Publication date 22 November 2017

Last updated 24 July 2024


Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

6.7 · Medium

Score breakdown

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

Read the notes from the security team

Status

Package Ubuntu Release Status
postgresql-9.1 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
postgresql-9.3 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Not affected
postgresql-9.5 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
postgresql-9.6 17.10 artful
Not affected
17.04 zesty
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Notes


mdeslaur

this script isn't installed by the packaging

Severity score breakdown

Parameter Value
Base score 6.7 · Medium
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H