CVE-2017-8806
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
13/11/2017
Last modified:
20/04/2025
Description
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
3.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog
- http://www.securityfocus.com/bid/101810
- https://usn.ubuntu.com/usn/usn-3476-1/
- https://www.debian.org/security/2017/dsa-4029
- http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog
- http://www.securityfocus.com/bid/101810
- https://usn.ubuntu.com/usn/usn-3476-1/
- https://www.debian.org/security/2017/dsa-4029