7.2 - USN-3476-2

Executive Summary

Summary
Title	postgresql-common vulnerabilities

Informations
Name	USN-3476-2	First vendor Publication	2017-11-27
Vendor	Ubuntu	Last vendor Modification	2017-11-27
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

postgresql-common could be made to overwrite files as the administrator.

Software Description: - postgresql-common: PostgreSQL database-cluster manager

Details:

USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Â� Dawid Golunski discovered that the postgresql-common pg_ctlcluster Â� script incorrectly handled symlinks. A local attacker could possibly Â� use this issue to escalate privileges. (CVE-2016-1255)

Â� It was discovered that the postgresql-common helper scripts Â� incorrectly handled symlinks. A local attacker could possibly use this Â� issue to escalate privileges. (CVE-2017-8806)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM: Â� postgresql-commonÂ� Â� Â� Â� Â� Â� Â� Â� Â� Â� Â� Â� Â� Â� Â� 129ubuntu1.2

In general, a standard system update will make all the necessary changes.

References: Â� https://www.ubuntu.com/usn/usn-3476-2 Â� https://www.ubuntu.com/usn/usn-3476-1 Â� CVE-2016-1255, CVE-2017-8806

Original Source

Url : http://www.ubuntu.com/usn/USN-3476-2

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Debian Postgresql-Common cpe:2.3:a:debian:postgresql-common:184ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:184:::::::* cpe:2.3:a:debian:postgresql-common:183:::::::* cpe:2.3:a:debian:postgresql-common:181ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:181:::::::* cpe:2.3:a:debian:postgresql-common:179:::::::* cpe:2.3:a:debian:postgresql-common:178:::::::* cpe:2.3:a:debian:postgresql-common:177ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:177git1:::::::* cpe:2.3:a:debian:postgresql-common:176+git1:::::::* cpe:2.3:a:debian:postgresql-common:173:::::::* cpe:2.3:a:debian:postgresql-common:172ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:172:::::::* cpe:2.3:a:debian:postgresql-common:171:::::::* cpe:2.3:a:debian:postgresql-common:170:::::::* cpe:2.3:a:debian:postgresql-common:169git1:::::::* cpe:2.3:a:debian:postgresql-common:164:::::::* cpe:2.3:a:debian:postgresql-common:163:::::::* cpe:2.3:a:debian:postgresql-common:162:::::::* cpe:2.3:a:debian:postgresql-common:161:::::::* cpe:2.3:a:debian:postgresql-common:160:::::::* cpe:2.3:a:debian:postgresql-common:159:::::::* cpe:2.3:a:debian:postgresql-common:158:::::::* cpe:2.3:a:debian:postgresql-common:157:::::::* cpe:2.3:a:debian:postgresql-common:156:::::::* cpe:2.3:a:debian:postgresql-common:155:::::::* cpe:2.3:a:debian:postgresql-common:154ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:154:::::::* cpe:2.3:a:debian:postgresql-common:153bzr1:::::::* cpe:2.3:a:debian:postgresql-common:153:::::::* cpe:2.3:a:debian:postgresql-common:152:::::::* cpe:2.3:a:debian:postgresql-common:151:::::::* cpe:2.3:a:debian:postgresql-common:150:::::::* cpe:2.3:a:debian:postgresql-common:149:::::::* cpe:2.3:a:debian:postgresql-common:148:::::::* cpe:2.3:a:debian:postgresql-common:147:::::::* cpe:2.3:a:debian:postgresql-common:146:::::::* cpe:2.3:a:debian:postgresql-common:145:::::::* cpe:2.3:a:debian:postgresql-common:144:::::::* cpe:2.3:a:debian:postgresql-common:143:::::::* cpe:2.3:a:debian:postgresql-common:142:::::::* cpe:2.3:a:debian:postgresql-common:141:::::::* cpe:2.3:a:debian:postgresql-common:140:::::::* cpe:2.3:a:debian:postgresql-common:139:::::::* cpe:2.3:a:debian:postgresql-common:138:::::::* cpe:2.3:a:debian:postgresql-common:137:::::::* cpe:2.3:a:debian:postgresql-common:136:::::::* cpe:2.3:a:debian:postgresql-common:135:::::::* cpe:2.3:a:debian:postgresql-common:134:::::::* cpe:2.3:a:debian:postgresql-common:133:::::::* cpe:2.3:a:debian:postgresql-common:132:::::::* cpe:2.3:a:debian:postgresql-common:131:::::::* cpe:2.3:a:debian:postgresql-common:130:::::::* cpe:2.3:a:debian:postgresql-common:129ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:129:::::::* cpe:2.3:a:debian:postgresql-common:128:::::::* cpe:2.3:a:debian:postgresql-common:127:::::::* cpe:2.3:a:debian:postgresql-common:126:::::::* cpe:2.3:a:debian:postgresql-common:125:::::::* cpe:2.3:a:debian:postgresql-common:124:::::::* cpe:2.3:a:debian:postgresql-common:123:::::::* cpe:2.3:a:debian:postgresql-common:122ubuntu1:::::::* cpe:2.3:a:debian:postgresql-common:122:::::::* cpe:2.3:a:debian:postgresql-common:121:::::::* cpe:2.3:a:debian:postgresql-common:120:::::::* cpe:2.3:a:debian:postgresql-common:119:::::::* cpe:2.3:a:debian:postgresql-common:118:::::::* cpe:2.3:a:debian:postgresql-common:117:::::::* cpe:2.3:a:debian:postgresql-common:116:::::::* cpe:2.3:a:debian:postgresql-common:115:::::::* cpe:2.3:a:debian:postgresql-common:114:::::::* cpe:2.3:a:debian:postgresql-common:113:::::::* cpe:2.3:a:debian:postgresql-common:112:::::::* cpe:2.3:a:debian:postgresql-common:111:::::::* cpe:2.3:a:debian:postgresql-common:110:::::::* cpe:2.3:a:debian:postgresql-common:109:::::::* cpe:2.3:a:debian:postgresql-common:108:::::::* cpe:2.3:a:debian:postgresql-common:107:::::::* cpe:2.3:a:debian:postgresql-common:106:::::::* cpe:2.3:a:debian:postgresql-common:105:::::::* cpe:2.3:a:debian:postgresql-common:104:::::::* cpe:2.3:a:debian:postgresql-common:103:::::::* cpe:2.3:a:debian:postgresql-common:102:::::::* cpe:2.3:a:debian:postgresql-common:101:::::::* cpe:2.3:a:debian:postgresql-common:100:::::::* cpe:2.3:a:debian:postgresql-common:99:::::::* cpe:2.3:a:debian:postgresql-common:98:::::::* cpe:2.3:a:debian:postgresql-common:97:::::::* cpe:2.3:a:debian:postgresql-common:96:::::::* cpe:2.3:a:debian:postgresql-common:95:::::::* cpe:2.3:a:debian:postgresql-common:94:::::::* cpe:2.3:a:debian:postgresql-common:93:::::::* cpe:2.3:a:debian:postgresql-common:92:::::::* cpe:2.3:a:debian:postgresql-common:91:::::::* cpe:2.3:a:debian:postgresql-common:90:::::::* cpe:2.3:a:debian:postgresql-common:89:::::::* cpe:2.3:a:debian:postgresql-common:88:::::::* cpe:2.3:a:debian:postgresql-common:87:::::::* cpe:2.3:a:debian:postgresql-common:86:::::::* cpe:2.3:a:debian:postgresql-common:85:::::::* cpe:2.3:a:debian:postgresql-common:84:::::::* cpe:2.3:a:debian:postgresql-common:83:::::::* cpe:2.3:a:debian:postgresql-common:82:::::::* cpe:2.3:a:debian:postgresql-common:81:::::::* cpe:2.3:a:debian:postgresql-common:80:::::::* cpe:2.3:a:debian:postgresql-common:79:::::::* cpe:2.3:a:debian:postgresql-common:78:::::::* cpe:2.3:a:debian:postgresql-common:77:::::::* cpe:2.3:a:debian:postgresql-common:76:::::::* cpe:2.3:a:debian:postgresql-common:75:::::::* cpe:2.3:a:debian:postgresql-common:74:::::::* cpe:2.3:a:debian:postgresql-common:73:::::::* cpe:2.3:a:debian:postgresql-common:72:::::::* cpe:2.3:a:debian:postgresql-common:71:::::::* cpe:2.3:a:debian:postgresql-common:70:::::::* cpe:2.3:a:debian:postgresql-common:69:::::::* cpe:2.3:a:debian:postgresql-common:68:::::::* cpe:2.3:a:debian:postgresql-common:67:::::::* cpe:2.3:a:debian:postgresql-common:66:::::::* cpe:2.3:a:debian:postgresql-common:65:::::::* cpe:2.3:a:debian:postgresql-common:64:::::::* cpe:2.3:a:debian:postgresql-common:63:::::::* cpe:2.3:a:debian:postgresql-common:62:::::::* cpe:2.3:a:debian:postgresql-common:61:::::::* cpe:2.3:a:debian:postgresql-common:60:::::::* cpe:2.3:a:debian:postgresql-common:59:::::::* cpe:2.3:a:debian:postgresql-common:58:::::::* cpe:2.3:a:debian:postgresql-common:57:::::::* cpe:2.3:a:debian:postgresql-common:56:::::::* cpe:2.3:a:debian:postgresql-common:55:::::::* cpe:2.3:a:debian:postgresql-common:54:::::::* cpe:2.3:a:debian:postgresql-common:53:::::::* cpe:2.3:a:debian:postgresql-common:52:::::::* cpe:2.3:a:debian:postgresql-common:51:::::::* cpe:2.3:a:debian:postgresql-common:50:::::::* cpe:2.3:a:debian:postgresql-common:49:::::::* cpe:2.3:a:debian:postgresql-common:48:::::::* cpe:2.3:a:debian:postgresql-common:47:::::::* cpe:2.3:a:debian:postgresql-common:46:::::::* cpe:2.3:a:debian:postgresql-common:45:::::::* cpe:2.3:a:debian:postgresql-common:44:::::::* cpe:2.3:a:debian:postgresql-common:43:::::::* cpe:2.3:a:debian:postgresql-common:42:::::::* cpe:2.3:a:debian:postgresql-common:41:::::::* cpe:2.3:a:debian:postgresql-common:40:::::::* cpe:2.3:a:debian:postgresql-common:39:::::::* cpe:2.3:a:debian:postgresql-common:38:::::::* cpe:2.3:a:debian:postgresql-common:37:::::::* cpe:2.3:a:debian:postgresql-common:36:::::::* cpe:2.3:a:debian:postgresql-common:35:::::::* cpe:2.3:a:debian:postgresql-common:34:::::::* cpe:2.3:a:debian:postgresql-common:33:::::::* cpe:2.3:a:debian:postgresql-common:32:::::::* cpe:2.3:a:debian:postgresql-common:31:::::::* cpe:2.3:a:debian:postgresql-common:30:::::::* cpe:2.3:a:debian:postgresql-common:29:::::::* cpe:2.3:a:debian:postgresql-common:28:::::::* cpe:2.3:a:debian:postgresql-common:27:::::::* cpe:2.3:a:debian:postgresql-common:26:::::::* cpe:2.3:a:debian:postgresql-common:25:::::::* cpe:2.3:a:debian:postgresql-common:24:::::::* cpe:2.3:a:debian:postgresql-common:23:::::::* cpe:2.3:a:debian:postgresql-common:22:::::::* cpe:2.3:a:debian:postgresql-common:21:::::::* cpe:2.3:a:debian:postgresql-common:20:::::::* cpe:2.3:a:debian:postgresql-common:19:::::::* cpe:2.3:a:debian:postgresql-common:18:::::::* cpe:2.3:a:debian:postgresql-common:17:::::::* cpe:2.3:a:debian:postgresql-common:16:::::::* cpe:2.3:a:debian:postgresql-common:15:::::::* cpe:2.3:a:debian:postgresql-common:14:::::::* cpe:2.3:a:debian:postgresql-common:13:::::::* cpe:2.3:a:debian:postgresql-common:12:::::::* cpe:2.3:a:debian:postgresql-common:11:::::::* cpe:2.3:a:debian:postgresql-common:10:::::::* cpe:2.3:a:debian:postgresql-common:9:::::::* cpe:2.3:a:debian:postgresql-common:8:::::::* cpe:2.3:a:debian:postgresql-common:7:::::::* cpe:2.3:a:debian:postgresql-common:6:::::::* cpe:2.3:a:debian:postgresql-common:5:::::::* cpe:2.3:a:debian:postgresql-common:4:::::::* cpe:2.3:a:debian:postgresql-common:3:::::::* cpe:2.3:a:debian:postgresql-common:2:::::::* cpe:2.3:a:debian:postgresql-common:1:::::::*	184
Application	Postgresql cpe:2.3:a:postgresql:postgresql:-:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2017-11-13	Name : The remote Debian host is missing a security update. File : debian_DLA-1169.nasl - Type : ACT_GATHER_INFO
2017-11-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-4029.nasl - Type : ACT_GATHER_INFO
2017-11-10	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3476-1.nasl - Type : ACT_GATHER_INFO
2017-01-03	Name : The remote Debian host is missing a security update. File : debian_DLA-774.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-12-22 00:23:39	Multiple Updates
2017-12-08 21:23:56	Multiple Updates
2017-12-05 21:24:06	Multiple Updates
2017-11-27 21:22:06	First insertion

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	185
Nessus® Exploit(s)	4

	Related
7.8	CVE-2016-1255
7.2	USN-3476-1
5.5	CVE-2017-8806
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.2 - USN-3476-2

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU