CVE-2017-15097
postgresql: Start scripts permit database administrator to modify root-owned files
Descriptions
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
PostgreSQL is an advanced object-relational database management system. Security Fix: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: This patch drops the script privileges from root to the postgres user. Therefore, this update works properly only if the postgres user has write access to the postgres user's home directory, as is the case in the default configuration.
Timeline
- 2017-10-08 CVE Reserved
- 2017-12-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-06-19 EPSS Updated
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (8)

URL | Tag | Source
---|---|---
http://www.securitytracker.com/id/1039983 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097 | Issue Tracking |

URL | Date | SRC
---|---|---
https://access.redhat.com/errata/RHSA-2017:3402 | 2023-02-12 |
https://access.redhat.com/errata/RHSA-2017:3403 | 2023-02-12 |
https://access.redhat.com/errata/RHSA-2017:3404 | 2023-02-12 |
https://access.redhat.com/errata/RHSA-2017:3405 | 2023-02-12 |
https://access.redhat.com/security/cve/CVE-2017-15097 | 2017-12-08 |
https://bugzilla.redhat.com/show_bug.cgi?id=1508985 | 2017-12-08 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Enterprise Linux Desktop | 7.0 | - | Affected
Redhat | Enterprise Linux Server | 7.0 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.5 | - | Affected
Redhat | Enterprise Linux Workstation | 7.0 | - | Affected