Vulnerability Description
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Postgresql-Common | 1 |
| Debian | Debian Linux | 7.0 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://www.ubuntu.com/usn/USN-3476-1Issue TrackingThird Party Advisory
- http://www.ubuntu.com/usn/USN-3476-2Issue TrackingThird Party Advisory
- https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=Issue TrackingPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2017/01/msg00002.htmlIssue TrackingVendor Advisory
- http://www.ubuntu.com/usn/USN-3476-1Issue TrackingThird Party Advisory
- http://www.ubuntu.com/usn/USN-3476-2Issue TrackingThird Party Advisory
- https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=Issue TrackingPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2017/01/msg00002.htmlIssue TrackingVendor Advisory
FAQ
What is CVE-2016-1255?
CVE-2016-1255 is a vulnerability with a CVSS score of 7.8 (HIGH). The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in...
How severe is CVE-2016-1255?
CVE-2016-1255 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1255?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Postgresql-Common, Debian Debian Linux, Canonical Ubuntu Linux.