CVE-2018-1053

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 9.3.x through 9.3.20 PostgreSQL versions 9.4.x through 9.4.15 PostgreSQL versions 9.5.x through 9.5.10 PostgreSQL versions 9.6.x through 9.6.6 PostgreSQL versions 10.x through 10.1

Description The issue is related to the implementation of the pg upgrade command in the PostgreSQL database management system. It involves errors when creating temporary files in the current working directory. Exploitation of this issue could allow an attacker to access arbitrary files. Specifically, pg upgrade creates a file containing the output of pg dumpall -g under the umask in effect when the user invoked pg upgrade, rather than the normally used 0077 for other temporary files. This could enable an authenticated attacker to read or modify the file, potentially accessing encrypted or unencrypted database passwords. The attack is more difficult if the directory mode prevents the attacker from searching the current working directory or if the prevailing umask blocks the attacker from opening the file.

Recommendations For PostgreSQL versions 9.3.x through 9.3.20, update to version 9.3.21 or later. For PostgreSQL versions 9.4.x through 9.4.15, update to version 9.4.16 or later. For PostgreSQL versions 9.5.x through 9.5.10, update to version 9.5.11 or later. For PostgreSQL versions 9.6.x through 9.6.6, update to version 9.6.7 or later. For PostgreSQL versions 10.x through 10.1, update to version 10.2 or later.