CVE-2017-12172
Public on 2017-11-22
Modified on 2017-12-06
Description
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | postgresql92 | 2017-12-05 | ALAS-2017-931 | Fixed |
| Amazon Linux 1 | postgresql93 | 2017-12-05 | ALAS-2017-931 | Fixed |
| Amazon Linux 1 | postgresql94 | 2017-12-05 | ALAS-2017-931 | Fixed |
| Amazon Linux 1 | postgresql95 | 2017-12-05 | ALAS-2017-930 | Fixed |
| Amazon Linux 1 | postgresql96 | 2017-12-05 | ALAS-2017-930 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.5 | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| NVD | CVSSv3 | 6.7 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |