CVE-2017-15097 — Link Following in RED HAT Postgresql Init Script

CWE-59 — Link Following5 documents5 sources

Severity

6.7MEDIUMNVD

CNA6.5

EPSS

0.0%

top 88.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Postgresql Init Script Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +3 more

Timeline

PublishedJul 27

Latest updateMay 24

Description

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5red_hat/postgresql_init_scriptall

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Enterprise Linux 7.4, 7.5

🔴Vulnerability Details

GHSA

GHSA-4fwh-62fj-p4ww: Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL↗2022-05-24

▶

CVEList

CVE-2017-15097: Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL↗2018-07-27

▶

📋Vendor Advisories

Red Hat

postgresql: Start scripts permit database administrator to modify root-owned files↗2017-12-07

▶

💬Community

Bugzilla

CVE-2017-15097 postgresql: Start scripts permit database administrator to modify root-owned files↗2017-11-02

▶