The pg_ctlcluster script in postgresql-common in versions before 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
postgresql postgresql-common |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.04 |
||
canonical ubuntu linux 19.10 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |