CVE-2017-12172
postgresql: Start scripts permit database administrator to modify root-owned files
Public Exploits: 0
Exploited in Wild: -
SSVC Decision: -
Descriptions
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
Privilege escalation flaws were found in the initialization (start) scripts shipped with PostgreSQL and in several packager-authored start scripts for it. An attacker who can run code as the postgres operating-system account (which a database superuser can do) could use these flaws to obtain root access on the server machine the next time root runs the start script, for example at boot or on a service restart.
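The mechanism described above is a classic CWE-59 link-following bug in a privileged script. The following added example (written for this page; it is not PostgreSQL's start script nor any packager's, and every path in it is hypothetical) reproduces the pattern in a scratch directory without root: a "vulnerable" prepare-log step that opens and chmods a log name through whatever symlink the service account planted, beside a hardened variant that refuses symlinks and only creates the file with noclobber (which bash and dash implement with O_EXCL). The `target` file stands in for a root-owned file such as a system configuration file.

```shell
#!/bin/sh
# Added illustration of the CWE-59 pattern behind this CVE. Not project code; all
# paths are hypothetical and everything happens under mktemp -d, so no root needed.

# --- Vulnerable pattern -------------------------------------------------------
# A root-run start script trusts a log-file name under a directory the service
# account (postgres) can write to. open() via '>>' and chmod() both follow
# symlinks, so if postgres replaces the name with a symlink, root operates on the
# link target instead of on a log file.
vulnerable_prepare_log() {
    logfile=$1
    : >> "$logfile"          # open(O_CREAT|O_APPEND): follows the symlink
    chmod 0666 "$logfile"    # chmod follows it too: target becomes world-writable
}

# --- Hardened pattern ---------------------------------------------------------
# Refuse symlinks outright, create only with noclobber (O_EXCL in bash/dash) so an
# existing planted name is never opened through the link, and re-check after the
# create to narrow the window between test and use.
hardened_prepare_log() {
    logfile=$1
    if [ -L "$logfile" ]; then
        echo "refusing to open $logfile: it is a symbolic link" >&2
        return 1
    fi
    if [ ! -e "$logfile" ]; then
        ( set -C; : > "$logfile" ) 2>/dev/null || return 1
    fi
    if [ -L "$logfile" ]; then
        return 1
    fi
    chmod 0640 "$logfile"
}

# Helper: octal permission bits of a file, GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Returns 0 if the vulnerable step changed the "root-owned" target's mode through
# the planted symlink, i.e. the CVE pattern reproduces.
reproduce_vulnerable() {
    work=$(mktemp -d) || return 2
    printf 'secret\n' > "$work/target"            # stands in for a root-owned file
    chmod 0600 "$work/target"
    ln -s "$work/target" "$work/pgstartup.log"    # attacker (postgres) plants the link
    vulnerable_prepare_log "$work/pgstartup.log"
    mode=$(mode_of "$work/target")
    rm -rf "$work"
    [ "$mode" = 666 ]
}

# Returns 0 if the hardened step refused the planted symlink and left the target's
# mode untouched.
reproduce_hardened() {
    work=$(mktemp -d) || return 2
    printf 'secret\n' > "$work/target"
    chmod 0600 "$work/target"
    ln -s "$work/target" "$work/pgstartup.log"
    if hardened_prepare_log "$work/pgstartup.log"; then
        rm -rf "$work"
        return 1                                   # it should have refused
    fi
    mode=$(mode_of "$work/target")
    rm -rf "$work"
    [ "$mode" = 600 ]
}

# Stand-alone usage: run both reproductions and report.
if reproduce_vulnerable; then
    echo "vulnerable pattern: target mode changed to 666 via the symlink"
fi
if reproduce_hardened; then
    echo "hardened pattern: symlink refused, target mode still 600"
fi
```

The symlink check alone still leaves a race between the test and the chmod, which is why the durable fix is the one the description points to: do not touch the log file as root at all. Create, open and chmod it as the service account (via su or runuser, or by letting the server process open its own log), so that a planted symlink can only reach files that account could already write.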
Timeline
- 2017-08-01 CVE Reserved
- 2017-11-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- Exploited in Wild: no date recorded
- KEV Due Date: none
- First Exploit: no date recorded
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (10)
URL | Tag | Date
---|---|---
http://www.securityfocus.com/bid/101949 | Third Party Advisory | -
http://www.securitytracker.com/id/1039752 | Third Party Advisory | -
https://access.redhat.com/errata/RHSA-2017:3402 | - | 2019-10-09
https://access.redhat.com/errata/RHSA-2017:3403 | - | 2019-10-09
https://access.redhat.com/errata/RHSA-2017:3404 | - | 2019-10-09
https://access.redhat.com/errata/RHSA-2017:3405 | - | 2019-10-09
https://www.postgresql.org/about/news/1801 | - | 2019-10-09
https://www.postgresql.org/support/security | - | 2019-10-09
https://access.redhat.com/security/cve/CVE-2017-12172 | - | 2017-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=1498394 | - | 2017-12-08
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Postgresql | Postgresql | 9.2, and 9.2.1 through 9.2.23 | Affected
Postgresql | Postgresql | 9.3, and 9.3.1 through 9.3.19 | Affected
Postgresql | Postgresql | 9.4, and 9.4.1 through 9.4.14 | Affected
Postgresql | Postgresql | 9.5, and 9.5.1 through 9.5.9 | Affected
Postgresql | Postgresql | 9.6, and 9.6.1 through 9.6.5 | Affected
Postgresql | Postgresql | 10 | Affected