QwikSec

Security Database

CVE

CWE

Training

CVE-2016-1255

Published: Dec 5, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20170101 [SECURITY] [DLA-774-1] postgresql-common security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.