CVE-2017-12172

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

References

http://www.securityfocus.com/bid/101949

http://www.securitytracker.com/id/1039752

https://access.redhat.com/errata/RHSA-2017:3402

https://access.redhat.com/errata/RHSA-2017:3403

https://access.redhat.com/errata/RHSA-2017:3404

https://access.redhat.com/errata/RHSA-2017:3405

https://www.postgresql.org/about/news/1801/

https://www.postgresql.org/support/security/

Details

Source: MITRE

Published: 2017-11-22

Updated: 2019-10-09

Type: CWE-59

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.22:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.18:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:10:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
127150NewStart CGSL MAIN 5.04 : postgresql Multiple Vulnerabilities (NS-SA-2019-0006)NessusNewStart CGSL Local Security Checks
medium
111897Photon OS 1.0: Curl / Glibc PHSA-2017-0048 (deprecated)NessusPhotonOS Local Security Checks
medium
108520Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)NessusJunos Local Security Checks
critical
106067openSUSE Security Update : postgresql94 (openSUSE-2018-38)NessusSuSE Local Security Checks
high
106049SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2018:0081-1)NessusSuSE Local Security Checks
high
106047SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:0077-1)NessusSuSE Local Security Checks
high
105387Scientific Linux Security Update : postgresql on SL7.x x86_64 (20171219)NessusScientific Linux Local Security Checks
medium
105322EulerOS 2.0 SP2 : postgresql (EulerOS-SA-2017-1341)NessusHuawei Local Security Checks
medium
105321EulerOS 2.0 SP1 : postgresql (EulerOS-SA-2017-1340)NessusHuawei Local Security Checks
medium
105142Oracle Linux 7 : postgresql (ELSA-2017-3402)NessusOracle Linux Local Security Checks
medium
105114CentOS 7 : postgresql (CESA-2017:3402)NessusCentOS Local Security Checks
medium
105092RHEL 7 : postgresql (RHSA-2017:3402)NessusRed Hat Local Security Checks
medium
105055Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2017-931)NessusAmazon Linux Local Security Checks
high
105054Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)NessusAmazon Linux Local Security Checks
high
104574PostgreSQL 9.2.x < 9.2.24 / 9.3.x < 9.3.20 / 9.4.x < 9.4.15 / 9.5.x < 9.5.10 / 9.6.x < 9.6.6 / 10.x < 10.1 Multiple VulnerabilitiesNessusDatabases
medium