CVE-2017-14798

Summary

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

Affected Software

VendorProductVersion RangeStatus
susepostgresql-initunspecified <= 9.4-0.5.3.1affected

Weaknesses

  • creation of directory could follow symlinks
  • CWE-61: CWE-61

ADP Enrichment

CVE Program Container

Additional References

References