CVE-2018-1053

Published: Feb 9, 2018Modified: Nov 21, 2024

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

Affected (11)

Products: Postgresql: Postgresql · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Postgresql: Postgresql · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Cloudforms

1 product

1 product

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	From 9.3.0 to 9.3.21
Postgresql Postgresql	From 9.4.0 to 9.4.16
Postgresql Postgresql	From 9.5.0 to 9.5.11
Postgresql Postgresql	From 9.6.0 to 9.6.7
Postgresql Postgresql	Version 10.0
Postgresql Postgresql	Version 10.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.6

Related CWEs

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (14)

http://www.securityfocus.com/bid/102986

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2511

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Source: secalert@redhat.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3564-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.postgresql.org/about/news/1829/

Source: secalert@redhat.com

PatchRelease NotesThird Party Advisory

http://www.securityfocus.com/bid/102986

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2511

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3564-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.postgresql.org/about/news/1829/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesThird Party Advisory

Timeline

No history available yet.