CVE-2017-14798
7.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| suse | postgresql-init | unspecified <= 9.4-0.5.3.1 | affected |
Weaknesses
- creation of directory could follow symlinks
- CWE-61: CWE-61
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/45184/
- https://bugzilla.suse.com/show_bug.cgi?id=1062722
- https://www.suse.com/de-de/security/cve/CVE-2017-14798/
- http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html
References
- https://www.exploit-db.com/exploits/45184/
- https://bugzilla.suse.com/show_bug.cgi?id=1062722
- https://www.suse.com/de-de/security/cve/CVE-2017-14798/
- http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.