CVE-2017-12172
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-12172
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12172.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12172
- Related
- Published
- 2017-11-22T19:29:00Z
- Modified
- 2024-09-03T01:45:14.214033Z
- Severity
-
- 6.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
- References
-
- http://www.securityfocus.com/bid/101949
- http://www.securitytracker.com/id/1039752
- https://access.redhat.com/errata/RHSA-2017:3402
- https://access.redhat.com/errata/RHSA-2017:3403
- https://access.redhat.com/errata/RHSA-2017:3404
- https://access.redhat.com/errata/RHSA-2017:3405
- https://www.postgresql.org/about/news/1801/
- https://www.postgresql.org/support/security/
Affected packages
Git / git.postgresql.org/git/postgresql.git
Affected ranges
- Type
- GIT
- Repo
- https://git.postgresql.org/git/postgresql.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected00ca051844e6a5a1746d9088d2c92b3fd1bcf151Last affected01306452b1481a73a24fe7396f84797d37269865Last affected01de6f3fd80721583baf2378ee8fe2b06a448ed0Last affected029386ccbddd0a33d481b94e511f5219b03e6636Last affected05ec931add20f201e579e960b18c1cf770da6ee3Last affected0691fe504723c06ce6ccd1de257fe212609beb13Last affected16e7c02c423449697b78ca857e5847981785e9edLast affected1ad47d574e31f3bbe47bc015b2e04b42f55a582cLast affected254bb39b720426f7a4616cb6b40f810c44b24b20Last affected2f4ffae5ada6ec272997ce1d6fe415eb9a025924Last affected34af9129e6b0f163e03fac55b7ffa71aa925d4c7Last affected3f7928a2890b05908e7c1ef711d48e609c86982eLast affected4edcd5f5d23c55f60d6c11451437437611731fffLast affected51dac56ad5fd4cf5fe90f59c4b40f967fc3b13c5Last affected553e576e05b50f9faffbd3dd721e44fc3746898dLast affected56fc4f7c9c8168b93b45ccf48781d77073d271dcLast affected57811b751a8f6cc3e7fce01e4944e556ae4578afLast affected582eff507eb3e3acae8c7d2d562ac2beb00b344fLast affected59a0c01e3d88910e92a24e388f346670f4f696efLast affected5df0e99bea1c3e5fbffa7fbd0982da88ea149bb6Last affected616eaa396a9bf82d8208a79367d784590be9370dLast affected6237fadcc95bdcadd760f893d7bd9b866fadfff3Last affected69157086413efb8c1de793aa4493187c819cc5aeLast affected6a18e4bc2d13d077c52cf90a4c6ec68343808ba7Last affected6d81d0a215a5b843bf003b0a1c4b43f6d2cccc78Last affected6f5e8094c2c0b829e3d00fc1e1656248457e16e6Last affected70f2e3e20ff7dd10d2b405764f4818b11f167925Last affected730811c7d1600b92d4bcb91ac66d2206cf3a06efLast affected73c122769ca1f49c451e315d476c80fdcf9f20ccLast affected757f567ec8d6d4767e74cf987a5cc63e63f1c9dcLast affected7800229b36d0444cf2c61f5c5895108ee5e8ee2aLast affected7c055f3ec3bd338a1ebb8c73cff3d01df626471eLast affected811b6c4a1df5d8323b532460ef2157e771dfb358Last affected860f8fb1aa4ee01259bac8fa4e1c4da9570ac1b7Last affected8b47c9d413b10a482b21aa9aad9d4f8569de8798Last affected8c894c5ff58ff41b59f1ba5c9d487aa9c3073a2fLast affected8ca336f4ac3f08a5f23e76c6e9a5f2c8064f5883Last affected903bfef382f286a75e82b8b9edd93b2bdc6cfd96Last affected93067c53ae49eaa1fe7bedaf2ba4e3e8f2a6cbfaLast affected9f20f2fc43f7dbe5a60958bc41f24130957560a3Last affecteda0606058016b7d20406910b7a73e60ddb3e4c9ffLast affecteda1efb790fb99e989e5cd3ff5ae8cc6df3e250516Last affecteda20751ef44b47034e8082a14d42b876b169e8713Last affecteda3c643938166abed9a390cdbd8a5df09bfe39523Last affecteda5915db2fab1fbe555b6410440df5177a247a2f2Last affecteda721a1ba9cf6c86cb52f1bf325d5a27b64e870d6Last affectedaa3bcba08d466bc6fd2558f8f0bf0e6d6c89b58bLast affectedb3453562b349a104b92ff02289cf41ff09a8a875Last affectedb5ea07b06d58519c54aa3f15067f9a44d84f6d8eLast affectedb7f59e6d3e7c10ef0e222ce8ee6d19e8be304e29Last affectedba37ac217791dfdf2b327c4b75e7083b6b03a2f5Last affectedbaf379bf22a9b4fd9caa4cf95de397cac480ccebLast affectedbcbbc4cfc9ca163c4a562f24ff9e2fb070647786Last affectedbd9c6dc9ab9de8f07647015af65d6d2cec0057e3Last affectedc7681b2b9a115eb05048a485480826bc0efa6d3bLast affectedca3f8299ef4e02efb821f082519ea4ca680e4fc1Last affectedca9cfed883333d5801716eb01cf28b6b5be2b5cdLast affectedcd5a6521fa8e9d51090330eb500157079fda1381Last affectedcdd4ed5449bf317cc71b45a8deee0173822e7592Last affectedd0f83327d3739a45102fdd486947248c70e0249dLast affectedd130536e93378d9b6512d268639324ba7f60a815Last affectedd25c7d70ff46d1b2f2400f29d100190efe84d70dLast affectedd4f8dde3c1c2c90c723ab550e7f449fc75599316Last affectedd77841d1cebd3514603af055f141a84c8e53cbd3Last affectedda645b3a73580ac30cf02e932b42d06157b98229Last affectedde07063c05b8ffa86e804c6cc8117a8e8e5cff9bLast affectedde17fe43fa2d67a9d93bd70979a4744ea98fb076Last affectede0327d103013c41c83f41a05187b90956b38c5b7Last affectede1ea61a30121a97eee192adc0808635fcf7b6f25Last affectede9dca8ce147f32d7d64a9e64f9d8339310ad6535Last affectedeb4dfa239e6f54fef5c486caf4b58a9805c19572Last affectedeca2f8a7dd9bda862a25fcc57ddf77f7c0dc3afeLast affectedef47adb414e46099155c34529a2a5caeea02fc41Last affectedf07692e1906c5f78d4dc4f777ade31cbfdb0069eLast affectedf5bbaeef1a5cdce1349ed6a1f87a85f17d741b56Last affectedf7ba173cb3548ddccaab68fcaeae3dd5efdcfbf1
Affected versions
Other
PG95-1_01
REL6_1
REL6_1_1
REL6_2
REL6_2_1
REL6_3
REL6_3_2
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL8_0_0
REL8_0_0BETA1
REL8_0_0BETA2
REL8_0_0BETA3
REL8_0_0BETA4
REL8_0_0BETA5
REL8_0_0RC1
REL8_0_0RC2
REL8_0_0RC3
REL8_0_0RC4
REL8_0_0RC5
REL8_1_0
REL8_1_0BETA1
REL8_1_0BETA2
REL8_1_0BETA3
REL8_1_0BETA4
REL8_1_0RC1
REL8_2_0
REL8_2_BETA1
REL8_2_BETA2
REL8_2_BETA3
REL8_2_RC1
REL8_3_0
REL8_3_BETA1
REL8_3_BETA2
REL8_3_BETA3
REL8_3_BETA4
REL8_3_RC1
REL8_3_RC2
REL8_4_0
REL8_4_BETA1
REL8_4_BETA2
REL8_4_RC1
REL8_4_RC2
REL9_0_ALPHA5
REL9_0_BETA1
REL9_0_BETA2
REL9_0_BETA3
REL9_1_ALPHA1
REL9_1_ALPHA2
REL9_1_ALPHA3
REL9_1_ALPHA4
REL9_1_ALPHA5
REL9_1_BETA1
REL9_1_BETA2
REL9_2_0
REL9_2_1
REL9_2_10
REL9_2_11
REL9_2_12
REL9_2_13
REL9_2_14
REL9_2_15
REL9_2_16
REL9_2_17
REL9_2_18
REL9_2_2
REL9_2_3
REL9_2_4
REL9_2_5
REL9_2_6
REL9_2_7
REL9_2_8
REL9_2_9
REL9_2_BETA1
REL9_2_BETA2
REL9_2_BETA3
REL9_2_BETA4
REL9_2_RC1
REL9_3_0
REL9_3_1
REL9_3_2
REL9_3_3
REL9_3_4
REL9_3_5
REL9_3_6
REL9_3_7
REL9_3_8
REL9_3_BETA1
REL9_3_BETA2
REL9_3_RC1
REL9_4_0
REL9_4_1
REL9_4_10
REL9_4_11
REL9_4_2
REL9_4_3
REL9_4_4
REL9_4_5
REL9_4_6
REL9_4_7
REL9_4_8
REL9_4_9
REL9_4_BETA1
REL9_4_BETA2
REL9_4_BETA3
REL9_4_RC1
REL9_5_0
REL9_5_1
REL9_5_2
REL9_5_3
REL9_5_4
REL9_5_5
REL9_5_6
REL9_5_7
REL9_5_8
REL9_5_ALPHA1
REL9_5_ALPHA2
REL9_5_BETA1
REL9_5_BETA2
REL9_5_RC1
REL9_6_0
REL9_6_1
REL9_6_BETA1
REL9_6_BETA2
REL9_6_BETA3
REL9_6_BETA4
REL9_6_RC1
REL_10_0
REL_10_BETA1
REL_10_BETA2
REL_10_BETA3
REL_10_BETA4
REL_10_RC1
Release_1_0_2
Release_2_0
Release_2_0_0
release-6-3