CVE-2017-12172

Publication date 22 November 2017

Last updated 25 August 2025

Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

6.7 · Medium

Score breakdown

Description

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

Read the notes from the security team

Status

Package Ubuntu Release Status
postgresql-9.1 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
postgresql-9.3 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Not affected
postgresql-9.5 17.10 artful Not in release
17.04 zesty Not in release
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
postgresql-9.6 17.10 artful
Not affected
17.04 zesty
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Notes

mdeslaur

this script isn't installed by the packaging

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.7 · Medium

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities