CVE-2017-12172

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12172
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12172.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12172
Related
Published
2017-11-22T19:29:00Z
Modified
2024-10-12T02:34:25.281433Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

References

Affected packages

Git / git.postgresql.org/git/postgresql.git

Affected ranges

Type
GIT
Repo
https://git.postgresql.org/git/postgresql.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00ca051844e6a5a1746d9088d2c92b3fd1bcf151
Last affected
01306452b1481a73a24fe7396f84797d37269865
Last affected
01de6f3fd80721583baf2378ee8fe2b06a448ed0
Last affected
029386ccbddd0a33d481b94e511f5219b03e6636
Last affected
05ec931add20f201e579e960b18c1cf770da6ee3
Last affected
0691fe504723c06ce6ccd1de257fe212609beb13
Last affected
16e7c02c423449697b78ca857e5847981785e9ed
Last affected
1ad47d574e31f3bbe47bc015b2e04b42f55a582c
Last affected
254bb39b720426f7a4616cb6b40f810c44b24b20
Last affected
2f4ffae5ada6ec272997ce1d6fe415eb9a025924
Last affected
34af9129e6b0f163e03fac55b7ffa71aa925d4c7
Last affected
3f7928a2890b05908e7c1ef711d48e609c86982e
Last affected
4edcd5f5d23c55f60d6c11451437437611731fff
Last affected
51dac56ad5fd4cf5fe90f59c4b40f967fc3b13c5
Last affected
553e576e05b50f9faffbd3dd721e44fc3746898d
Last affected
56fc4f7c9c8168b93b45ccf48781d77073d271dc
Last affected
57811b751a8f6cc3e7fce01e4944e556ae4578af
Last affected
582eff507eb3e3acae8c7d2d562ac2beb00b344f
Last affected
59a0c01e3d88910e92a24e388f346670f4f696ef
Last affected
5df0e99bea1c3e5fbffa7fbd0982da88ea149bb6
Last affected
616eaa396a9bf82d8208a79367d784590be9370d
Last affected
6237fadcc95bdcadd760f893d7bd9b866fadfff3
Last affected
69157086413efb8c1de793aa4493187c819cc5ae
Last affected
6a18e4bc2d13d077c52cf90a4c6ec68343808ba7
Last affected
6d81d0a215a5b843bf003b0a1c4b43f6d2cccc78
Last affected
6f5e8094c2c0b829e3d00fc1e1656248457e16e6
Last affected
70f2e3e20ff7dd10d2b405764f4818b11f167925
Last affected
730811c7d1600b92d4bcb91ac66d2206cf3a06ef
Last affected
73c122769ca1f49c451e315d476c80fdcf9f20cc
Last affected
757f567ec8d6d4767e74cf987a5cc63e63f1c9dc
Last affected
7800229b36d0444cf2c61f5c5895108ee5e8ee2a
Last affected
7c055f3ec3bd338a1ebb8c73cff3d01df626471e
Last affected
811b6c4a1df5d8323b532460ef2157e771dfb358
Last affected
860f8fb1aa4ee01259bac8fa4e1c4da9570ac1b7
Last affected
8b47c9d413b10a482b21aa9aad9d4f8569de8798
Last affected
8c894c5ff58ff41b59f1ba5c9d487aa9c3073a2f
Last affected
8ca336f4ac3f08a5f23e76c6e9a5f2c8064f5883
Last affected
903bfef382f286a75e82b8b9edd93b2bdc6cfd96
Last affected
93067c53ae49eaa1fe7bedaf2ba4e3e8f2a6cbfa
Last affected
9f20f2fc43f7dbe5a60958bc41f24130957560a3
Last affected
a0606058016b7d20406910b7a73e60ddb3e4c9ff
Last affected
a1efb790fb99e989e5cd3ff5ae8cc6df3e250516
Last affected
a20751ef44b47034e8082a14d42b876b169e8713
Last affected
a3c643938166abed9a390cdbd8a5df09bfe39523
Last affected
a5915db2fab1fbe555b6410440df5177a247a2f2
Last affected
a721a1ba9cf6c86cb52f1bf325d5a27b64e870d6
Last affected
aa3bcba08d466bc6fd2558f8f0bf0e6d6c89b58b
Last affected
b3453562b349a104b92ff02289cf41ff09a8a875
Last affected
b5ea07b06d58519c54aa3f15067f9a44d84f6d8e
Last affected
b7f59e6d3e7c10ef0e222ce8ee6d19e8be304e29
Last affected
ba37ac217791dfdf2b327c4b75e7083b6b03a2f5
Last affected
baf379bf22a9b4fd9caa4cf95de397cac480cceb
Last affected
bcbbc4cfc9ca163c4a562f24ff9e2fb070647786
Last affected
bd9c6dc9ab9de8f07647015af65d6d2cec0057e3
Last affected
c7681b2b9a115eb05048a485480826bc0efa6d3b
Last affected
ca3f8299ef4e02efb821f082519ea4ca680e4fc1
Last affected
ca9cfed883333d5801716eb01cf28b6b5be2b5cd
Last affected
cd5a6521fa8e9d51090330eb500157079fda1381
Last affected
cdd4ed5449bf317cc71b45a8deee0173822e7592
Last affected
d0f83327d3739a45102fdd486947248c70e0249d
Last affected
d130536e93378d9b6512d268639324ba7f60a815
Last affected
d25c7d70ff46d1b2f2400f29d100190efe84d70d
Last affected
d4f8dde3c1c2c90c723ab550e7f449fc75599316
Last affected
d77841d1cebd3514603af055f141a84c8e53cbd3
Last affected
da645b3a73580ac30cf02e932b42d06157b98229
Last affected
de07063c05b8ffa86e804c6cc8117a8e8e5cff9b
Last affected
de17fe43fa2d67a9d93bd70979a4744ea98fb076
Last affected
e0327d103013c41c83f41a05187b90956b38c5b7
Last affected
e1ea61a30121a97eee192adc0808635fcf7b6f25
Last affected
e9dca8ce147f32d7d64a9e64f9d8339310ad6535
Last affected
eb4dfa239e6f54fef5c486caf4b58a9805c19572
Last affected
eca2f8a7dd9bda862a25fcc57ddf77f7c0dc3afe
Last affected
ef47adb414e46099155c34529a2a5caeea02fc41
Last affected
f07692e1906c5f78d4dc4f777ade31cbfdb0069e
Last affected
f5bbaeef1a5cdce1349ed6a1f87a85f17d741b56
Last affected
f7ba173cb3548ddccaab68fcaeae3dd5efdcfbf1

Affected versions

Other

PG95-1_01
REL6_1
REL6_1_1
REL6_2
REL6_2_1
REL6_3
REL6_3_2
REL6_5
REL7_0
REL7_1
REL7_1_BETA
REL7_1_BETA2
REL7_1_BETA3
REL7_2
REL7_2_BETA1
REL7_2_BETA2
REL7_2_BETA3
REL7_2_BETA4
REL7_2_BETA5
REL7_2_RC1
REL7_2_RC2
REL7_4_BETA1
REL7_4_BETA2
REL7_4_BETA3
REL7_4_BETA4
REL7_4_BETA5
REL7_4_RC1
REL8_0_0
REL8_0_0BETA1
REL8_0_0BETA2
REL8_0_0BETA3
REL8_0_0BETA4
REL8_0_0BETA5
REL8_0_0RC1
REL8_0_0RC2
REL8_0_0RC3
REL8_0_0RC4
REL8_0_0RC5
REL8_1_0
REL8_1_0BETA1
REL8_1_0BETA2
REL8_1_0BETA3
REL8_1_0BETA4
REL8_1_0RC1
REL8_2_0
REL8_2_BETA1
REL8_2_BETA2
REL8_2_BETA3
REL8_2_RC1
REL8_3_0
REL8_3_BETA1
REL8_3_BETA2
REL8_3_BETA3
REL8_3_BETA4
REL8_3_RC1
REL8_3_RC2
REL8_4_0
REL8_4_BETA1
REL8_4_BETA2
REL8_4_RC1
REL8_4_RC2
REL9_0_ALPHA5
REL9_0_BETA1
REL9_0_BETA2
REL9_0_BETA3
REL9_1_ALPHA1
REL9_1_ALPHA2
REL9_1_ALPHA3
REL9_1_ALPHA4
REL9_1_ALPHA5
REL9_1_BETA1
REL9_1_BETA2
REL9_2_0
REL9_2_1
REL9_2_10
REL9_2_11
REL9_2_12
REL9_2_13
REL9_2_14
REL9_2_15
REL9_2_16
REL9_2_17
REL9_2_18
REL9_2_2
REL9_2_3
REL9_2_4
REL9_2_5
REL9_2_6
REL9_2_7
REL9_2_8
REL9_2_9
REL9_2_BETA1
REL9_2_BETA2
REL9_2_BETA3
REL9_2_BETA4
REL9_2_RC1
REL9_3_0
REL9_3_1
REL9_3_2
REL9_3_3
REL9_3_4
REL9_3_5
REL9_3_6
REL9_3_7
REL9_3_8
REL9_3_BETA1
REL9_3_BETA2
REL9_3_RC1
REL9_4_0
REL9_4_1
REL9_4_10
REL9_4_11
REL9_4_2
REL9_4_3
REL9_4_4
REL9_4_5
REL9_4_6
REL9_4_7
REL9_4_8
REL9_4_9
REL9_4_BETA1
REL9_4_BETA2
REL9_4_BETA3
REL9_4_RC1
REL9_5_0
REL9_5_1
REL9_5_2
REL9_5_3
REL9_5_4
REL9_5_5
REL9_5_6
REL9_5_7
REL9_5_8
REL9_5_ALPHA1
REL9_5_ALPHA2
REL9_5_BETA1
REL9_5_BETA2
REL9_5_RC1
REL9_6_0
REL9_6_1
REL9_6_BETA1
REL9_6_BETA2
REL9_6_BETA3
REL9_6_BETA4
REL9_6_RC1
REL_10_0
REL_10_BETA1
REL_10_BETA2
REL_10_BETA3
REL_10_BETA4
REL_10_RC1
Release_1_0_2
Release_2_0
Release_2_0_0
release-6-3