Lucene search

Ubuntu.comUB:CVE-2017-14798

HistoryMar 01, 2018 - 12:00 a.m.

CVE-2017-14798

2018-03-0100:00:00

ubuntu.com

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.8%

JSON

A race condition in the postgresql init script could be used by attackers
able to access the postgresql account to escalate their privileges to root.

Notes

Author	Note
sbeattie	SUSE initscript specific issue

References

lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html

bugzilla.suse.com/show_bug.cgi?id=1062722

launchpad.net/bugs/cve/CVE-2017-14798

nvd.nist.gov/vuln/detail/CVE-2017-14798

security-tracker.debian.org/tracker/CVE-2017-14798

www.cve.org/CVERecord?id=CVE-2017-14798

www.suse.com/de-de/security/cve/CVE-2017-14798/

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.8%

JSON

Related for UB:CVE-2017-14798