PT-2017-3821 · Postgresql+3

Published

2017-11-09

·

Updated

2019-10-09

·

CVE-2017-12172

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 9.2.x through 9.2.23
PostgreSQL versions 9.3.x through 9.3.19
PostgreSQL versions 9.4.x through 9.4.14
PostgreSQL versions 9.5.x through 9.5.9
PostgreSQL versions 9.6.x through 9.6.5
PostgreSQL versions 10.x through 10.0
Description

PostgreSQL normally runs under a dedicated non-root operating system account (typically postgres), and a database superuser can already execute arbitrary code under that account. The vulnerability is in the server's startup scripts rather than in the server itself: several startup implementations that root runs to launch the server create, chmod() and/or chown() the server log file with root privileges before switching to the postgres account. Because that log file lives in a directory the postgres account can write to, a database superuser can replace it with a symbolic link pointing at any root-owned file. When root next starts or restarts the server, the script's open(), chmod() and chown() calls follow the link and are applied to the link target, letting the attacker take ownership of or write to arbitrary root-owned files and so escalate from the postgres account to root. Exploitation therefore requires a local database superuser (or equivalent write access to the log location) and a subsequent root-initiated server start.
Recommendations

For PostgreSQL versions 9.2.x through 9.2.23, update to version 9.2.24 or later.
For PostgreSQL versions 9.3.x through 9.3.19, update to version 9.3.20 or later.
For PostgreSQL versions 9.4.x through 9.4.14, update to version 9.4.15 or later.
For PostgreSQL versions 9.5.x through 9.5.9, update to version 9.5.10 or later.
For PostgreSQL versions 9.6.x through 9.6.5, update to version 9.6.6 or later.
For PostgreSQL versions 10.x through 10.0, update to version 10.1 or later.

As a temporary workaround, make sure no root-run startup script creates, chmods or chowns the server log file at a path the postgres account can write to: keep the log in a root-owned directory, or have the script create and open the log only with the postgres user's privileges. Restricting access to the startup script itself does not help, since the attacker only needs write access to the log file's directory, not to the script.
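The symlink pattern described above, as an added example that is not part of PostgreSQL's start scripts or of this advisory: a vulnerable log-preparation routine beside a hardened one, both exercised in a throwaway directory so the demonstration runs without root. The function names vuln_prepare_log, safe_prepare_log and demo, the pg_log directory and the victim file are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not PostgreSQL's own start script): reproduces the symlink
# pattern behind CVE-2017-12172 and a hardened variant, without needing root.
# Assumed names: $PGLOG is the log path a root-run start script opens;
# "victim" stands in for a root-owned file the database superuser wants to own.

# Vulnerable pattern: the script (running as root) touches, chmods and appends
# to a path whose parent directory the postgres account controls. touch, chmod
# and >> all follow symlinks, so a symlink planted at $PGLOG redirects every
# one of these operations to the link target.
vuln_prepare_log() {
    PGLOG="$1"
    touch "$PGLOG" || return 1
    chmod 0644 "$PGLOG" || return 1
    echo "server starting" >> "$PGLOG"
}

# Hardened variant: refuse to act on a symlink or on anything that is not a
# regular file. This is a check-then-use mitigation (a TOCTOU window remains);
# the robust fix is to never manipulate the log as root at all (see note below).
safe_prepare_log() {
    PGLOG="$1"
    if [ -L "$PGLOG" ]; then
        echo "refusing: $PGLOG is a symbolic link" >&2
        return 2
    fi
    if [ -e "$PGLOG" ] && [ ! -f "$PGLOG" ]; then
        echo "refusing: $PGLOG exists and is not a regular file" >&2
        return 2
    fi
    touch "$PGLOG" || return 1
    chmod 0644 "$PGLOG" || return 1
    echo "server starting" >> "$PGLOG"
}

# Harness: build a postgres-writable log directory containing a symlink where
# the log should be, run one variant, and report whether the victim file was
# modified. Prints "hit" if the victim was written to, "miss" otherwise.
demo() {
    mode="$1"   # "vuln" or "safe"
    work=$(mktemp -d) || return 1
    printf 'original contents\n' > "$work/victim"    # constructed stand-in for a root-owned file
    mkdir "$work/pg_log"                              # the postgres-owned log directory
    ln -s "$work/victim" "$work/pg_log/startup.log"   # planted by the database superuser
    case "$mode" in
        vuln) vuln_prepare_log "$work/pg_log/startup.log" || true ;;
        safe) safe_prepare_log "$work/pg_log/startup.log" 2>/dev/null || true ;;
    esac
    if grep -q "server starting" "$work/victim"; then
        result=hit
    else
        result=miss
    fi
    rm -rf "$work"
    echo "$result"
}

echo "vulnerable pattern: $(demo vuln)"   # hit: the append landed in victim
echo "hardened pattern:   $(demo safe)"   # miss: the symlink was refused
```

The symlink check only narrows the race: an attacker can still swap the file between the test and the open. The durable fix, and the direction the patched releases took, is to stop touching the log file with root privileges altogether, so that any symlink the postgres account plants can only redirect to files that account could already write.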

Fix

Weakness Enumeration

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Related Identifiers

BDU:2019-03335
CESA-2017:3402
CVE-2017-12172
MGASA-2017-0428
RHSA-2017:3402
RHSA-2017:3403
RHSA-2017:3404
RHSA-2017:3405
SUSE-SU-2018:0077-1
SUSE-SU-2018:0081-1

Affected Products

Centos
Postgresql
Red Hat
Suse