CVE-2016-1255

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1255

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1255.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-1255

Related

Published

2017-12-05T16:29:00Z

Modified

2024-09-18T01:00:21Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

References

Affected packages

Debian:11 / postgresql-common

Package

Name: postgresql-common
Purl: pkg:deb/debian/postgresql-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

178

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-common

Package

Name: postgresql-common
Purl: pkg:deb/debian/postgresql-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

178

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / postgresql-common

Package

Name: postgresql-common
Purl: pkg:deb/debian/postgresql-common?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

178

Ecosystem specific

{
    "urgency": "not yet assigned"
}