Lucene search

RedhatCVE-2017-15097

HistoryJul 27, 2018 - 8:29 p.m.

CVE-2017-15097

2018-07-2720:29:00

CWE-59

redhat

web.nvd.nist.gov

cve-2017-15097

privilege escalation

red hat

postgresql

nvd

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

Affected configurations

Nvd

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.4cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.4cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.5cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_server_aus	7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
redhat	enterprise_linux_server_eus	7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
redhat	enterprise_linux_server_eus	7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

CNA Affected

[
  {
    "product": "postgresql init script",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]