Vulnerability Description
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | - |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgrBroken LinkIssue TrackingThird Party Advisory
- http://www.securityfocus.com/bid/101810Broken LinkThird Party AdvisoryVDB Entry
- https://usn.ubuntu.com/usn/usn-3476-1/Issue TrackingThird Party Advisory
- https://www.debian.org/security/2017/dsa-4029Issue TrackingThird Party Advisory
- http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgrBroken LinkIssue TrackingThird Party Advisory
- http://www.securityfocus.com/bid/101810Broken LinkThird Party AdvisoryVDB Entry
- https://usn.ubuntu.com/usn/usn-3476-1/Issue TrackingThird Party Advisory
- https://www.debian.org/security/2017/dsa-4029Issue TrackingThird Party Advisory
FAQ
What is CVE-2017-8806?
CVE-2017-8806 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian...
How severe is CVE-2017-8806?
CVE-2017-8806 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8806?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Canonical Ubuntu Linux, Debian Debian Linux.