CVE-2017-8806

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
References
Link Resource
http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog Broken Link Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/101810 Broken Link Third Party Advisory VDB Entry
https://usn.ubuntu.com/usn/usn-3476-1/ Issue Tracking Third Party Advisory
https://www.debian.org/security/2017/dsa-4029 Issue Tracking Third Party Advisory
http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog Broken Link Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/101810 Broken Link Third Party Advisory VDB Entry
https://usn.ubuntu.com/usn/usn-3476-1/ Issue Tracking Third Party Advisory
https://www.debian.org/security/2017/dsa-4029 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*
OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:34

Type Values Removed Values Added
References () http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog - Broken Link, Issue Tracking, Third Party Advisory () http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog - Broken Link, Issue Tracking, Third Party Advisory
References () http://www.securityfocus.com/bid/101810 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/101810 - Broken Link, Third Party Advisory, VDB Entry
References () https://usn.ubuntu.com/usn/usn-3476-1/ - Issue Tracking, Third Party Advisory () https://usn.ubuntu.com/usn/usn-3476-1/ - Issue Tracking, Third Party Advisory
References () https://www.debian.org/security/2017/dsa-4029 - Issue Tracking, Third Party Advisory () https://www.debian.org/security/2017/dsa-4029 - Issue Tracking, Third Party Advisory

01 Apr 2024, 15:50

Type Values Removed Values Added
References () http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog - Issue Tracking, Third Party Advisory () http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog - Broken Link, Issue Tracking, Third Party Advisory
References () http://www.securityfocus.com/bid/101810 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/101810 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:debian:*:*
cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:ubuntu:*:*
cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*

Information

Published : 2017-11-13 09:29

Updated : 2024-11-21 03:34


NVD link : CVE-2017-8806

Mitre link : CVE-2017-8806

CVE.ORG link : CVE-2017-8806


JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • debian_linux

postgresql

  • postgresql
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')