CVE-2019-3466
Description
The pg_ctlcluster script in postgresql-common in versions prior to 210 did not drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.128
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.17) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.18) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.19) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.20) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.22) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.23) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.24) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.25) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.26.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.27.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.28.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.17) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.18) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.19) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.20) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.22) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.23) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.24) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.25) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.26.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.27.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PremiumSoft Navicat Essentials for PostgreSQL (12.1.28.0) | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 11.6 | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 10.11 | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.6.16 | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.5.20 | Windows |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.4.25 | Windows |
| postgresql-common security update(DSA-4568-1) postgresql-common_181+deb9u3_all.deb | Linux |
| postgresql-common security update(DSA-4568-1) postgresql-common_200+deb10u3_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-4194-1) postgresql-common_173ubuntu0.3_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-4194-1) postgresql-common_190ubuntu0.1_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-4194-1) postgresql-common_199ubuntu0.1_all.deb | Linux |
| PostgreSQL database-cluster manager (USN-4194-1) postgresql-common_204ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 9.4.25 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 9.5.20 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 9.6.16 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 10.11 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 11.6 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 Announcement are fixed in Postgresql 12.1 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 11.6 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 10.11 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.6.16 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.5.20 (For Linux) | Linux |
| Vulnerabilities CVE-2019-3466 are fixed in PostgreSQL 9.4.25 (For Linux) | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-317675 | PremiumSoft Navicat Essentials for PostgreSQL X64 (12.1.28.0) |
| PATCH-317674 | PremiumSoft Navicat Essentials for PostgreSQL (12.1.28.0) |