← Back

CVE-2017-8806

nvd nist
Published: Nov 13, 2017Modified: May 13, 2026

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Affected (1)

Postgresql
1 product
Postgresql
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Postgresql
All versions
Running on/withPlatform Versions
Canonical
Ubuntu Linux
Version 14.04
Canonical
Ubuntu Linux
Version 16.04
Canonical
Ubuntu Linux
Version 17.04
Canonical
Ubuntu Linux
Version 17.10
Debian
Debian Linux
Version 8.0
Debian
Debian Linux
Version 9.0

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

Source: security@debian.org
Broken LinkIssue TrackingThird Party Advisory
Source: security@debian.org
Broken LinkThird Party AdvisoryVDB Entry
Source: security@debian.org
Issue TrackingThird Party Advisory
Source: security@debian.org
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory

Timeline

No history available yet.