CVE-2017-15097

Description

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.

Risk Information

Base Score: 6.7 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.039

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2017:3402) Moderate: postgresql security update postgresql-9.2.23-3.el7_4.i686.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-contrib-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-devel-9.2.23-3.el7_4.i686.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-devel-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-docs-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-libs-9.2.23-3.el7_4.i686.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-libs-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-plperl-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-plpython-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-pltcl-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-server-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-static-9.2.23-3.el7_4.i686.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-static-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-test-9.2.23-3.el7_4.x86_64.rpm | Linux
(RHSA-2017:3402) Moderate: postgresql security update postgresql-upgrade-9.2.23-3.el7_4.x86_64.rpm | Linux

