CVE-2017-8806
Description
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.168
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-8806 are affected in Postgresql 2.3 | Windows |
| PostgreSQL database-cluster manager (USN-3476-1) postgresql-common_154ubuntu1.1_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-3476-1) postgresql-common_173ubuntu0.1_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-3476-1) postgresql-common_179ubuntu0.1_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-3476-1) postgresql-common_184ubuntu1.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234