CVE-2018-1115

critical

Description

PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function does not follow the same ACLs as pg_rotate_logfile. If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

http://www.securityfocus.com/bid/104285

https://access.redhat.com/errata/RHSA-2018:2565

https://access.redhat.com/errata/RHSA-2018:2566

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740

https://security.gentoo.org/glsa/201810-08

Details

Source: MITRE

Published: 2018-05-10

Updated: 2020-12-04

Type: CWE-732

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 139979 | EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-1876) | Nessus | Huawei Local Security Checks | critical |
| 139655 | openSUSE Security Update : postgresql96 / postgresql10 and postgresql12 (openSUSE-2020-1227) | Nessus | SuSE Local Security Checks | high |
| 123286 | openSUSE Security Update : postgresql10 (openSUSE-2019-659) | Nessus | SuSE Local Security Checks | critical |
| 120220 | Fedora 28 : postgresql (2018-08550a9006) | Nessus | Fedora Local Security Checks | critical |
| 120090 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2018:2564-1) | Nessus | SuSE Local Security Checks | critical |
| 119478 | Amazon Linux AMI : postgresql96 (ALAS-2018-1119) | Nessus | Amazon Linux Local Security Checks | critical |
| 118508 | GLSA-201810-08 : PostgreSQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 112269 | openSUSE Security Update : postgresql10 (openSUSE-2018-955) | Nessus | SuSE Local Security Checks | critical |
| 110955 | openSUSE Security Update : postgresql95 (openSUSE-2018-696) | Nessus | SuSE Local Security Checks | critical |
| 110588 | openSUSE Security Update : postgresql96 (openSUSE-2018-638) | Nessus | SuSE Local Security Checks | critical |
| 110548 | SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2018:1695-1) | Nessus | SuSE Local Security Checks | critical |
| 110288 | PostgreSQL 9.3 < 9.3.23 / 9.4 < 9.4.18 / 9.5 < 9.5.13 / 9.6 < 9.6.9 / 10.3 Insecure ACL Remote Issue | Nessus | Databases | critical |
| 109972 | Fedora 26 : postgresql (2018-bd6f9237b5) | Nessus | Fedora Local Security Checks | critical |
| 109971 | Fedora 27 : postgresql (2018-937c789f2a) | Nessus | Fedora Local Security Checks | critical |