CVE-2019-3466

Published: 20/11/2019 Updated: 03/12/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The pg_ctlcluster script in postgresql-common in versions before 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

Vulnerable Products

postgresql postgresql-common

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 19.10

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

postgresql-common could be made to create arbitrary directories ...
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. For the oldstable distribution (stretch), this problem has been fixed in version 181+deb9u3. For the stable distribution (buster), this problem has been fixed in version ...
A PostgreSQL superuser could escalate to root using a deficiency in the pg_ctlcluster command. pg_ctlcluster is a utility provided by the "postgresql-common" package that is installed with PostgreSQL on Debian and Ubuntu platforms ...