Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2018-1053

Published: 09/02/2018 Updated: 09/10/2019
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Postgresql

Vulnerability Summary

In postgresql 9.3.x prior to 9.3.21, 9.4.x prior to 9.4.16, 9.5.x prior to 9.5.11, 9.6.x prior to 9.6.7 and 10.x prior to 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated malicious user to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

Vulnerable Product Search on Vulmon Subscribe to Product

postgresql postgresql

postgresql postgresql 10.1

postgresql postgresql 10.0

debian debian linux 7.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

redhat cloudforms 4.6

Vendor Advisories

Ubuntu Security Notice: postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability
PostgreSQL could be made to expose sensitive information ...
Red Hat: Important: rh-postgresql96-postgresql security update
Synopsis Important: rh-postgresql96-postgresql security update Type/Severity Security Advisory: Important Topic An update for rh-postgresql96-postgresql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnera ...
Red Hat: Important: rh-postgresql95-postgresql security update
Synopsis Important: rh-postgresql95-postgresql security update Type/Severity Security Advisory: Important Topic An update for rh-postgresql95-postgresql is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnera ...
Red Hat: Important: CloudForms 4.6.6 security, bug fix and enhancement update
Synopsis Important: CloudForms 466 security, bug fix and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for CloudForms Management Engine 59Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Red Hat: CVE-2018-1053
This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of `pg_dumpall -g` in the current working directory With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current working directory, and the prevailing umask prev ...
Brocade Security Advisories: Access Denied
Menu Log in ...
PostgreSQL CVE: CVE-2018-1053
For more information about PostgreSQL versioning, please visit the versioning page ...

References

CWE-732https://www.postgresql.org/about/news/1829/https://lists.debian.org/debian-lts-announce/2018/02/msg00006.htmlhttp://www.securityfocus.com/bid/102986https://usn.ubuntu.com/3564-1/https://access.redhat.com/errata/RHSA-2018:2511https://access.redhat.com/errata/RHSA-2018:2566https://access.redhat.com/errata/RHSA-2018:3816https://usn.ubuntu.com/3564-1/https://nvd.nist.govhttps://www.postgresql.org/support/security/CVE-2018-1053/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook