Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-8806
HistoryNov 09, 2017 - 12:00 a.m.

CVE-2017-8806

2017-11-0900:00:00
ubuntu.com
ubuntu.com
13

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts,
as distributed in the Debian postgresql-common package before 181+deb9u1
for PostgreSQL (and other packages related to Debian and Ubuntu), handled
symbolic links insecurely, which could result in local denial of service by
overwriting arbitrary files.

Bugs

Notes

Author Note
mdeslaur PostgreSQL will use CVE-2017-12172 for contrib/start-scripts This is related to CVE-2016-1255

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2017-8806