PT-2017-3927 · Postgresql+1 · Postgresql-Common+1

Published: 2017-11-09 · Updated: 2024-04-01 · CVE-2017-8806

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

postgresql-common versions prior to 181+deb9u1

Description

The issue is related to the incorrect handling of symbolic links by the pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts in the postgresql-common package for PostgreSQL. This could allow an attacker to impact data integrity by overwriting arbitrary files, resulting in a local denial of service.

Recommendations

For versions prior to 181+deb9u1, update to version 181+deb9u1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts until a patch is available.

Fix

DoS

Link Following

Weakness Enumeration

Related Identifiers

BDU:2020-00685
CVE-2017-8806
DLA-1169-1
DSA-4029-1
ECHO-4017-B212-426E
GHSA-XG92-G8H7-V7R4
USN-3476-1
USN-3476-2

Affected Products

Ubuntu
Postgresql-Common