CVE-2017-8806

Summary

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Affected Software

VendorProductVersion RangeStatus
n/aPostgreSQL-related scripts that are specific to Debian and UbuntuPostgreSQL-related scripts that are specific to Debian and Ubuntuaffected

Weaknesses

  • handled symbolic links insecurely

ADP Enrichment

CVE Program Container

Additional References

References