Candidate: CVE-2017-12172
PublicDate: 2017-11-22 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12172
Description:
 PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
Ubuntu-Description:
Notes:
 mdeslaur> this script isn't installed by the packaging
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]

Patches_postgresql-9.6:
upstream_postgresql-9.6: needs-triage
precise/esm_postgresql-9.6: DNE
trusty_postgresql-9.6: DNE
trusty/esm_postgresql-9.6: DNE
xenial_postgresql-9.6: DNE
zesty_postgresql-9.6: not-affected (code not shipped)
artful_postgresql-9.6: not-affected (code not shipped)
devel_postgresql-9.6: not-affected (code not shipped)

Patches_postgresql-9.5:
upstream_postgresql-9.5: needs-triage
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
trusty/esm_postgresql-9.5: DNE
xenial_postgresql-9.5: not-affected (code not shipped)
esm-infra/xenial_postgresql-9.5: not-affected (code not shipped)
zesty_postgresql-9.5: DNE
artful_postgresql-9.5: DNE
devel_postgresql-9.5: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: needs-triage
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: not-affected (code not shipped)
trusty/esm_postgresql-9.3: not-affected (code not shipped)
xenial_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
artful_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: needs-triage
precise/esm_postgresql-9.1: not-affected (code not shipped)
trusty_postgresql-9.1: not-affected (code not shipped)
trusty/esm_postgresql-9.1: DNE (trusty was not-affected [code not shipped])
xenial_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
artful_postgresql-9.1: DNE
devel_postgresql-9.1: DNE