cnvd - cnvd-2017-36438

cnvd-2017-36438

Vulnerability from cnvd

Title: 多款产品postgresql-common包权限提升漏洞

Description:

Debian是Debian Project合作组织创建的以Linux或FreeBSD为内核的自由操作系统。wheezy、jessie和unstable都是Debian的分支版本。Ubuntu是英国科能（Canonical）公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。postgresql-common package是一个使用在Linux中的PostgresSQL数据库集群管理器。

多款产品中的postgresql-common包的pg_ctlcluster脚本存在安全漏洞。本地攻击者可通过对/var/log/postgresql中的日志文件实施符号链接攻击利用该漏洞获取root权限。

Severity: 中

Patch Name: 多款产品postgresql-common包权限提升漏洞的补丁

Patch Description:

多款产品中的postgresql-common包的pg_ctlcluster脚本存在安全漏洞。本地攻击者可通过对/var/log/postgresql中的日志文件实施符号链接攻击利用该漏洞获取root权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://usn.ubuntu.com/usn/USN-3476-2/ https://usn.ubuntu.com/usn/USN-3476-2/

Reference: https://usn.ubuntu.com/usn/USN-3476-1/ https://nvd.nist.gov/vuln/detail/CVE-2016-1255

Impacted products

Name
['Debian Debian wheezy <178', 'Debian Debian jessie <165+deb8u2', 'Debian Debian unstable <134wheezy5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1255"
    }
  },
  "description": "Debian\u662fDebian Project\u5408\u4f5c\u7ec4\u7ec7\u521b\u5efa\u7684\u4ee5Linux\u6216FreeBSD\u4e3a\u5185\u6838\u7684\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\u3002wheezy\u3001jessie\u548cunstable\u90fd\u662fDebian\u7684\u5206\u652f\u7248\u672c\u3002Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002postgresql-common package\u662f\u4e00\u4e2a\u4f7f\u7528\u5728Linux\u4e2d\u7684PostgresSQL\u6570\u636e\u5e93\u96c6\u7fa4\u7ba1\u7406\u5668\u3002\r\n\r\n\u591a\u6b3e\u4ea7\u54c1\u4e2d\u7684postgresql-common\u5305\u7684pg_ctlcluster\u811a\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5bf9/var/log/postgresql\u4e2d\u7684\u65e5\u5fd7\u6587\u4ef6\u5b9e\u65bd\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6root\u6743\u9650\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://usn.ubuntu.com/usn/USN-3476-2/\r\nhttps://usn.ubuntu.com/usn/USN-3476-2/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36438",
  "openTime": "2017-12-07",
  "patchDescription": "Debian\u662fDebian Project\u5408\u4f5c\u7ec4\u7ec7\u521b\u5efa\u7684\u4ee5Linux\u6216FreeBSD\u4e3a\u5185\u6838\u7684\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\u3002wheezy\u3001jessie\u548cunstable\u90fd\u662fDebian\u7684\u5206\u652f\u7248\u672c\u3002Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002postgresql-common package\u662f\u4e00\u4e2a\u4f7f\u7528\u5728Linux\u4e2d\u7684PostgresSQL\u6570\u636e\u5e93\u96c6\u7fa4\u7ba1\u7406\u5668\u3002\r\n\r\n\u591a\u6b3e\u4ea7\u54c1\u4e2d\u7684postgresql-common\u5305\u7684pg_ctlcluster\u811a\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5bf9/var/log/postgresql\u4e2d\u7684\u65e5\u5fd7\u6587\u4ef6\u5b9e\u65bd\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6root\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3e\u4ea7\u54c1postgresql-common\u5305\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Debian Debian wheezy \u003c178",
      "Debian Debian jessie \u003c165+deb8u2",
      "Debian Debian unstable \u003c134wheezy5"
    ]
  },
  "referenceLink": "https://usn.ubuntu.com/usn/USN-3476-1/\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1255",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-10",
  "title": "\u591a\u6b3e\u4ea7\u54c1postgresql-common\u5305\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2016-1255 (GCVE-0-2016-1255)

Vulnerability from cvelistv5

Published

2017-12-05 16:00

Modified

2024-08-05 22:48

Severity ?

CWE

Summary

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

References

▼	URL	Tags
	https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-3476-1	vendor-advisory, x_refsource_UBUNTU
	https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3476-2	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20170101 [SECURITY] [DLA-774-1] postgresql-common security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html"
          },
          {
            "name": "USN-3476-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3476-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee"
          },
          {
            "name": "USN-3476-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3476-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-05T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20170101 [SECURITY] [DLA-774-1] postgresql-common security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html"
        },
        {
          "name": "USN-3476-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3476-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee"
        },
        {
          "name": "USN-3476-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3476-2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-1255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20170101 [SECURITY] [DLA-774-1] postgresql-common security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html"
            },
            {
              "name": "USN-3476-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3476-1"
            },
            {
              "name": "https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee",
              "refsource": "CONFIRM",
              "url": "https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee"
            },
            {
              "name": "USN-3476-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3476-2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2016-1255",
    "datePublished": "2017-12-05T16:00:00",
    "dateReserved": "2015-12-27T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted