Home

CVE-2018-1115

Description

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesnt follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.483

Associated Vulnerability

VulnerabilityOS Platform
Update PostgressSQL to 9.6.9Windows
Vulnerabilities CVE-2018-1115 are fixed in PostgreSQL 10.4Windows
Vulnerabilities CVE-2018-1115 are fixed in PostgreSQL 9.6.9Windows
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql96-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql96-contrib-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql96-contrib-debuginfo-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql96-debuginfo-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql96-debugsource-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql96-docs-9.6.9-3.19.1.noarch.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Desktop 12-SP3 ) postgresql96-libs-debugsource-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql96-server-9.6.9-3.19.1.x86_64.rpmLinux
SUSE-SU-2018:1695-1(SUSE Linux Enterprise Server 12-SP3 ) postgresql96-server-debuginfo-9.6.9-3.19.1.x86_64.rpmLinux
Update PostgressSQL to 9.6.9 (For Linux)Linux
Vulnerabilities CVE-2018-1115 are fixed in PostgreSQL 10.4 (For Linux)Linux
Vulnerabilities CVE-2018-1115 are fixed in PostgreSQL 9.6.9 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234