Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14798 — UNIX Symbolic Link (Symlink) Following in Postgresql

CWE-61 — UNIX Symbolic Link (Symlink) Following CWE-362 — Race Condition4 documents4 sources

Severity

7.0HIGHNVD

CNA7.3

EPSS

0.8%

top 25.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Postgresql Suse Postgresql-init Suse Linux Enterprise Server

Timeline

PublishedMar 1

Latest updateMay 13

Description

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5suse/postgresql-initunspecified — 9.4-0.5.3.1

▶NVDpostgresql/postgresql< 9.4-0.5.3.1

▶NVDsuse/suse_linux_enterprise_server11

🔴Vulnerability Details

GHSA

GHSA-934j-74pq-c42g: A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root↗2022-05-13

▶

CVEList

local privilege escalation in SUSE postgresql init script↗2018-03-01

▶

💥Exploits & PoCs

Exploit-DB

PostgreSQL 9.4-0.5.3 - Privilege Escalation↗2018-08-13

▶