Lucene search

DebianCVE-2017-8806

HistoryNov 13, 2017 - 9:29 a.m.

CVE-2017-8806

2017-11-1309:29:00

CWE-59

debian

web.nvd.nist.gov

225

debian

pg_ctlcluster

pg_createcluster

pg_upgradecluster

postgresql

ubuntu

symbolic links

denial of service

security vulnerability

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.04

canonicalubuntu_linuxMatch17.10

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

AND

postgresqlpostgresqlMatch-

VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux17.04cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
canonicalubuntu_linux17.10cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
postgresqlpostgresql-cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	17.04	cpe:2.3:o:canonical:ubuntu_linux:17.04:::::::*
canonical	ubuntu_linux	17.10	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
postgresql	postgresql	-	cpe:2.3:a:postgresql:postgresql:-:::::::*

CNA Affected

[
  {
    "product": "PostgreSQL-related scripts that are specific to Debian and Ubuntu",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PostgreSQL-related scripts that are specific to Debian and Ubuntu"
      }
    ]
  }
]