ID de Prueba:	1.3.6.1.4.1.25623.1.0.812314
Categoría:	Databases
Título:	PostgreSQL Privilege Escalation Vulnerability-Dec17 (Linux)
Resumen:	PostgreSQL is prone to a privilege escalation vulnerability.
Descripción:	Summary: PostgreSQL is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw exists as PostgreSQL runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. Vulnerability Impact: Successful exploitation will allow a local user to modify files on the target system. Affected Software/OS: PostgreSQL version 9.2.x before 9.2.24, 9.3.x before 9.3.20, 9.4.x before 9.4.15, 9.5.x before 9.5.10, 9.6.x before 9.6.6 and 10.x before 10.1. Solution: Upgrade to PostgreSQL version 10.1 or 9.6.6 or 9.5.10 or 9.4.15 or 9.3.20 or 9.2.24 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 101949 Common Vulnerability Exposure (CVE) ID: CVE-2017-12172
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.