Ubuntu.comUB:CVE-2016-1255CVE-2016-1255
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
The pg_ctlcluster script in postgresql-common package in Debian wheezy
before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable
before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS
before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu
17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows
local users to gain root privileges via a symlink attack on a logfile in
/var/log/postgresql.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | postgresql-common | < 154ubuntu1.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | postgresql-common | < 173ubuntu0.1 | UNKNOWN |
References
anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/log/
launchpad.net/bugs/cve/CVE-2016-1255
nvd.nist.gov/vuln/detail/CVE-2016-1255
security-tracker.debian.org/tracker/CVE-2016-1255
ubuntu.com/security/notices/USN-3476-1
ubuntu.com/security/notices/USN-3476-2
www.cve.org/CVERecord?id=CVE-2016-1255
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%