CVE-2016-5424
postgresql: privilege escalation via crafted database and role names
Public Exploits: 0
Exploited in Wild: -
Descriptions
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program.
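An added audit check, not part of this advisory and not PostgreSQL project code: it takes the database and role names of a server (assumed to have been read from the real catalog columns pg_database.datname and pg_roles.rolname) and flags every name containing one of the four characters the description names, reporting which character and where. The sample names below are constructed for the example; the quote_identifier helper shows the SQL-level quoting rule (doubling embedded double quotes), and the comment notes why that alone is not a substitute for refusing such names when client programs build commands from them.

```python
# Characters that CVE-2016-5424 describes as mishandled in database and
# role names by vulnerable client programs.
RISKY_CHARS = {
    '"': 'double quote',
    '\\': 'backslash',
    '\r': 'carriage return',
    '\n': 'newline',
}


def find_risky_chars(name):
    """Return [(position, description), ...] for each risky character in name."""
    return [(i, RISKY_CHARS[ch]) for i, ch in enumerate(name) if ch in RISKY_CHARS]


def audit_names(databases, roles):
    """Flag database and role names that contain any of the four characters.

    databases and roles are iterables of names, e.g. the datname column of
    pg_database and the rolname column of pg_roles (real catalog columns).
    """
    findings = []
    for kind, names in (('database', databases), ('role', roles)):
        for name in names:
            hits = find_risky_chars(name)
            if hits:
                findings.append({'kind': kind, 'name': name, 'hits': hits})
    return findings


def quote_identifier(name):
    """Quote an identifier for SQL text: wrap in double quotes and double any
    embedded double quote. This is only the SQL-level rule; a name that
    passes through a shell or through a client program that interpolates the
    raw name into a command is not made safe by it, so the audit above
    reports such names rather than trying to escape them."""
    return '"' + name.replace('"', '""') + '"'


# Constructed sample inventory (not taken from the page): what a query of
# pg_database.datname and pg_roles.rolname might return on an affected host.
SAMPLE_DATABASES = ['postgres', 'app_prod', 'report"2016']
SAMPLE_ROLES = ['app_user', 'team\\ops', 'multi\nline', 'backup']


if __name__ == '__main__':
    for f in audit_names(SAMPLE_DATABASES, SAMPLE_ROLES):
        where = ', '.join(f'{desc} at {pos}' for pos, desc in f['hits'])
        print(f"{f['kind']} {f['name']!r}: {where}")
```

Any name the audit reports should be renamed (or dropped) by a superuser before that superuser next runs maintenance tools against the server with an unpatched client; patched clients refuse to operate on such names, so the audit also explains sudden maintenance failures after an upgrade.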
SSVC
- Decision: -
Timeline
- 2016-06-10 CVE Reserved
- 2016-08-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-20: Improper Input Validation
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (17)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/92435 | Third Party Advisory |
http://www.securitytracker.com/id/1036617 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://www.postgresql.org/about/news/1688 | 2018-01-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Debian | Debian Linux | 8.0 | - | Affected
Postgresql | Postgresql | <= 9.1.22 | - | Affected
Postgresql | Postgresql | 9.2 | - | Affected
Postgresql | Postgresql | 9.2.1 | - | Affected
Postgresql | Postgresql | 9.2.2 | - | Affected
Postgresql | Postgresql | 9.2.3 | - | Affected
Postgresql | Postgresql | 9.2.4 | - | Affected
Postgresql | Postgresql | 9.2.5 | - | Affected
Postgresql | Postgresql | 9.2.6 | - | Affected
Postgresql | Postgresql | 9.2.7 | - | Affected
Postgresql | Postgresql | 9.2.8 | - | Affected
Postgresql | Postgresql | 9.2.9 | - | Affected
Postgresql | Postgresql | 9.2.10 | - | Affected
Postgresql | Postgresql | 9.2.11 | - | Affected
Postgresql | Postgresql | 9.2.12 | - | Affected
Postgresql | Postgresql | 9.2.13 | - | Affected
Postgresql | Postgresql | 9.2.14 | - | Affected
Postgresql | Postgresql | 9.2.15 | - | Affected
Postgresql | Postgresql | 9.2.16 | - | Affected
Postgresql | Postgresql | 9.2.17 | - | Affected
Postgresql | Postgresql | 9.3 | - | Affected
Postgresql | Postgresql | 9.3.1 | - | Affected
Postgresql | Postgresql | 9.3.2 | - | Affected
Postgresql | Postgresql | 9.3.3 | - | Affected
Postgresql | Postgresql | 9.3.4 | - | Affected
Postgresql | Postgresql | 9.3.5 | - | Affected
Postgresql | Postgresql | 9.3.6 | - | Affected
Postgresql | Postgresql | 9.3.7 | - | Affected
Postgresql | Postgresql | 9.3.8 | - | Affected
Postgresql | Postgresql | 9.3.9 | - | Affected
Postgresql | Postgresql | 9.3.10 | - | Affected
Postgresql | Postgresql | 9.3.11 | - | Affected
Postgresql | Postgresql | 9.3.12 | - | Affected
Postgresql | Postgresql | 9.3.13 | - | Affected
Postgresql | Postgresql | 9.4 | - | Affected
Postgresql | Postgresql | 9.4.1 | - | Affected
Postgresql | Postgresql | 9.4.2 | - | Affected
Postgresql | Postgresql | 9.4.3 | - | Affected
Postgresql | Postgresql | 9.4.4 | - | Affected
Postgresql | Postgresql | 9.4.5 | - | Affected
Postgresql | Postgresql | 9.4.6 | - | Affected
Postgresql | Postgresql | 9.4.7 | - | Affected
Postgresql | Postgresql | 9.4.8 | - | Affected
Postgresql | Postgresql | 9.5 | - | Affected
Postgresql | Postgresql | 9.5.1 | - | Affected
Postgresql | Postgresql | 9.5.2 | - | Affected
Postgresql | Postgresql | 9.5.3 | - | Affected