Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-1053

This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of `pg_dumpall -g` in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current working directory, and the prevailing umask prevents attackers from opening the file.

Source

This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of `pg_dumpall -g` in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current working directory, and the prevailing umask prevents attackers from opening the file.

Find out more about CVE-2018-1053 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of PostgreSQL 9.x as shipped with Red Hat Satellite 5.x and CloudForms 5.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

CVSS3 Base Score	6.7
CVSS3 Base Metrics	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector	Local
Attack Complexity	High
Privileges Required	Low
User Interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity Impact	High
Availability Impact	High

Red Hat Security Errata

Platform	Errata	Release Date
CloudForms Management Engine 5.9 (postgresql96)	RHSA-2018:3816	2018-12-13
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql95-postgresql)	RHSA-2018:2511	2018-08-20
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-postgresql96-postgresql)	RHSA-2018:2566	2018-08-27
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql96-postgresql)	RHSA-2018:2566	2018-08-27
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-postgresql95-postgresql)	RHSA-2018:2511	2018-08-20

Affected Packages State

Platform	Package	State
Red Hat Software Collections for Red Hat Enterprise Linux	rh-postgresql10-postgresql	Not affected
Red Hat Software Collections for Red Hat Enterprise Linux	rh-postgresql94-postgresql	Will not fix
Red Hat Single Sign-On 7	postgresql	Not affected
Red Hat Satellite 5	postgresql95-postgresql	Will not fix
Red Hat Mobile Application Platform On-Premise 4	postgresql	Not affected
Red Hat JBoss Operations Network 3	postgresql	Not affected
Red Hat JBoss Fuse Service Works 6	postgresql	Not affected
Red Hat Enterprise Linux 7	postgresql	Not affected
Red Hat Enterprise Linux 6	postgresql	Not affected
Red Hat Enterprise Linux 5	postgresql84	Not affected
Red Hat Enterprise Linux 5	postgresql	Not affected

Acknowledgements

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.

External References

https://www.postgresql.org/about/news/1829/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-1053

Statement

CVSS v3 metrics

Red Hat Security Errata

Affected Packages State

Acknowledgements

External References

Vulmon Search

About

Products

Connect