
CVE-2017-8806

Published: 13/11/2017 Updated: 01/04/2024
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 321
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package prior to 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Vulnerable Product

postgresql postgresql -

Vendor Advisories

postgresql-common could be made to overwrite files as the administrator ...
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files. For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3. For the stable distribution (stretch), this problem has ...

Github Repositories

vunnel A tool for fetching, transforming, and storing vulnerability data from a variety of sources Sup

Tool for collecting vulnerability data from various sources (used to build the grype database)
