CVE-2017-12172

{"id": "CVE-2017-12172", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2017-11-22T19:29:00.223", "references": [{"url": "http://www.securityfocus.com/bid/101949", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1039752", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3402", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3403", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3404", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3405", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/about/news/1801/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/support/security/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."}, {"lang": "es", "value": "PostgreSQL, en versiones 10.x anteriores a la 10.1; versiones 9.6.x anteriores a la 9.6.6; versiones 9.5.x anteriores a la 9.5.10; versiones 9.4.x anteriores a la 9.4.15, versiones 9.3.x anteriores a la 9.3.20 y versiones 9.2.x anteriores a la 9.2.24, se ejecuta en una cuenta del sistema operativo no root. Los superusuarios de la base de datos pueden ejecutar c\u00f3digo arbitrario bajo esa cuenta del sistema. PostgreSQL proporciona un script para iniciar el servidor de la base de datos durante el arranque del sistema. Los paquetes de PostgreSQL para muchos sistemas operativos proporcionan sus propias implementaciones de inicio creadas por el empaquetador. Varias implementaciones emplean un nombre de archivo de registro que el superusuario de la base de datos puede remplazar por un enlace simb\u00f3lico. Como root, pueden utilizar open(), chmod() y/o chown() para este nombre de archivo de registro. Esto suele ser suficiente para que el superusuario de la base de datos escale sus privilegios a root cuando el root inicia el servidor."}], "lastModified": "2019-10-09T23:22:24.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B41009E-4028-4D82-B8D0-8B949EDC0A68"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "832F3EBE-A92C-4FB3-BF3C-0E7B750F966B"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1571EE80-55A6-4F91-909B-C46BA19EC76F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2848E3BC-293A-4A75-BEB7-C2F1637AD3E0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADC9133E-94FC-4199-BD69-BBB46CF3799F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "200172CE-40AB-49E3-93D1-9947E3CBFFF8"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90B21A9-19A7-4DCB-A2FE-C558CCB6BBB1"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924D1F84-EC50-44C3-A156-DC8E3A5E3909"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5EAF3B-B148-4B57-8E4E-0B5365003DFC"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5CE8DB4-CD97-4F60-9080-9FB093BD60CA"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B5AA780-4378-4959-9256-510C65E6E5B5"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C9EB31-5D8E-4583-BC95-700F53854964"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3700FF66-108C-47C2-B4C2-1CB0B5575EDA"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "239F26B4-CFB2-4D7A-939E-0215A336A490"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C32070D-D751-4D3E-9457-5B1D1C551E70"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BADABD34-25A1-46D3-AEFB-249E912A723A"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C53E81C9-5693-4929-BC19-DEBAEF686E0E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B92B02-44DD-40D4-94F7-A3EE4621D854"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DF332B-0391-410E-9F92-DAE1329E0031"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D9D0339-16F8-4E26-87B5-2543E860B77E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B890251-95EB-44F3-A6A7-F718F3C807B0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E5BD02-8C3D-4687-88DE-1C00366270E7"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "709F5DF9-9F3A-42C3-890B-521B13118C0E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D85A34-C897-4E52-8F97-18CA51C5461A"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A40DAD2B-A6D4-43D8-B282-A3C672356D6A"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC2FE391-9414-480E-A9B1-CF70280E315E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B6A4ED-FA3B-4251-BF82-755F95277CF9"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7142DF3-124D-43D7-ADD9-70F4F7298557"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DEA438-A0ED-49DC-AE51-4E9D8D4B6E7B"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810B184F-6FB8-48D8-A569-F47BA43C4862"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064BF155-7E2D-47B9-BD2B-C6E9FC06F5FC"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "676A81BD-7EEE-4770-B9AC-451B09844D6C"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30F23D38-BDD6-48E6-A6B2-29CD962EED99"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89833234-3890-4E2E-8FCF-09925D83ED67"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F3ACC3-CB15-47E3-A511-E1D1F75E797F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F6FD785-7C9F-4302-B7ED-93CA04473ACE"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC1BA72C-3A6E-450B-A3DE-3898DEAA9225"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FB6018C-3FC5-4D4E-BA7C-07C0A3B47976"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12EC8B10-6556-4235-B3DC-C47C13675894"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE02C19-1FFE-474F-8098-D6A09A34667E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77D1323D-3096-4D0F-823A-ECAC9017646D"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A587AF3-5E70-4455-8621-DFD048207DE2"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "526AFF26-B3EC-41C3-AC4C-85BFA3F99AC8"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89D2CAB7-C3D9-4F21-B902-2E498D00EFEB"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88797795-8B1C-455F-8C52-6169B2E47D53"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBDE0CC8-F1DF-4723-8FCB-9A33EA8B12D3"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F13667-019B-49DF-929C-3D376FCDE6E4"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9E20AA3-C0D3-492C-AF3B-9F61550E6983"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "251C78CA-EEC0-49A8-A3D2-3C86D16CCB7F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB443A75-2466-4164-A71B-9203933CB0D6"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02839D4-EE7D-4D42-8934-322E46B643D4"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1BAE807-A21F-4980-B64E-911F5E9B16BF"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46ED9A2E-8169-4470-AE61-54829B11BDAB"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA755AFD-C904-4CDE-9B28-D7E5C4AAA550"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.4.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B5D56C-5F3D-455E-82C3-B661E7809AED"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C15A86-9ED9-492E-877B-86963DAA761A"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF74623-EF0E-455D-ADEB-9E336B539D86"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACD7AB7-34E9-4DFC-A788-7B9BF745D780"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E8AEBB-9968-458D-8EE4-2725BBE1A53F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ECC17E6-C5FF-4B63-807A-26E5E6932C5C"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB72357-B16D-488A-995C-2703CCEC1D8F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9671475-BC67-436F-B2B1-5128347B3C64"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EC098A3-1989-4AA5-B8D5-E061A618519D"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2ABACB8-F4B0-4635-8FC7-4B0F5B723241"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7040466B-2A7D-4E75-8E4F-FA70D4A7E014"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44887DE9-506B-46E3-922C-7B3C14B0AF33"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1250F15-7A05-452A-8958-3B1B32B326E1"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A18FEF31-B528-46A8-AAA8-63B30D5A10EC"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35D61BD-50A7-4ACF-BA62-8F56C0740DA5"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546FEA34-A6D9-47C4-A5B2-F492E1457F09"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D02ADF5-706F-42B7-B88A-8BC6DEC8DC4A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}