What is the severity of CVE-2016-5424?

CVE-2016-5424 is classified as a high severity vulnerability due to the potential for remote authenticated users to gain superuser privileges.

How do I fix CVE-2016-5424?

To fix CVE-2016-5424, you should upgrade to PostgreSQL version 9.5.4, 9.4.9, 9.3.14, 9.2.18, or 9.1.23 as these versions contain the necessary patches.

Who is affected by CVE-2016-5424?

CVE-2016-5424 affects PostgreSQL versions prior to 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4.

What types of roles can exploit CVE-2016-5424?

Remote authenticated users with the CREATEDB or CREATEROLE role can exploit CVE-2016-5424 to escalate their privileges to superuser.

What kind of privileges can be gained from CVE-2016-5424?

CVE-2016-5424 may allow unauthorized escalation to superuser privileges, enabling full access to the database.

Vulnerability/
CVE-2016-5424

high

7.1

CWE

4/8/2016

9/12/2016

6/8/2024

CVE-2016-5424: Code Injection

First published: Thu Aug 04 2016(Updated: )

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/postgresql	<9.5.4	9.5.4
redhat/postgresql	<9.4.9	9.4.9
redhat/postgresql	<9.3.14	9.3.14
redhat/postgresql	<9.2.18	9.2.18
redhat/postgresql	<9.1.23	9.1.23
Debian	=8.0
PostgreSQL	<=9.1.22
PostgreSQL	=9.2
PostgreSQL	=9.2.1
PostgreSQL	=9.2.2
PostgreSQL	=9.2.3
PostgreSQL	=9.2.4
PostgreSQL	=9.2.5
PostgreSQL	=9.2.6
PostgreSQL	=9.2.7
PostgreSQL	=9.2.8
PostgreSQL	=9.2.9
PostgreSQL	=9.2.10
PostgreSQL	=9.2.11
PostgreSQL	=9.2.12
PostgreSQL	=9.2.13
PostgreSQL	=9.2.14
PostgreSQL	=9.2.15
PostgreSQL	=9.2.16
PostgreSQL	=9.2.17
PostgreSQL	=9.3
PostgreSQL	=9.3.1
PostgreSQL	=9.3.2
PostgreSQL	=9.3.3
PostgreSQL	=9.3.4
PostgreSQL	=9.3.5
PostgreSQL	=9.3.6
PostgreSQL	=9.3.7
PostgreSQL	=9.3.8
PostgreSQL	=9.3.9
PostgreSQL	=9.3.10
PostgreSQL	=9.3.11
PostgreSQL	=9.3.12
PostgreSQL	=9.3.13
PostgreSQL	=9.4
PostgreSQL	=9.4.1
PostgreSQL	=9.4.2
PostgreSQL	=9.4.3
PostgreSQL	=9.4.4
PostgreSQL	=9.4.5
PostgreSQL	=9.4.6
PostgreSQL	=9.4.7
PostgreSQL	=9.4.8
PostgreSQL	=9.5
PostgreSQL	=9.5.1
PostgreSQL	=9.5.2
PostgreSQL	=9.5.3

Remedy

https://www.postgresql.org/about/news/1688/

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5424?
CVE-2016-5424 is classified as a high severity vulnerability due to the potential for remote authenticated users to gain superuser privileges.
How do I fix CVE-2016-5424?
To fix CVE-2016-5424, you should upgrade to PostgreSQL version 9.5.4, 9.4.9, 9.3.14, 9.2.18, or 9.1.23 as these versions contain the necessary patches.
Who is affected by CVE-2016-5424?
CVE-2016-5424 affects PostgreSQL versions prior to 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4.
What types of roles can exploit CVE-2016-5424?
Remote authenticated users with the CREATEDB or CREATEROLE role can exploit CVE-2016-5424 to escalate their privileges to superuser.
What kind of privileges can be gained from CVE-2016-5424?
CVE-2016-5424 may allow unauthorized escalation to superuser privileges, enabling full access to the database.

agent/type
agent/first-publish-date
agent/references
agent/severity
agent/remedy
agent/author
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-5424
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/debian
canonical/debian
version/debian/8.0
vendor/postgresql
canonical/postgresql
version/postgresql/9.1.22
version/postgresql/9.2
version/postgresql/9.2.1
version/postgresql/9.2.2
version/postgresql/9.2.3
version/postgresql/9.2.4
version/postgresql/9.2.5
version/postgresql/9.2.6
version/postgresql/9.2.7
version/postgresql/9.2.8
version/postgresql/9.2.9
version/postgresql/9.2.10
version/postgresql/9.2.11
version/postgresql/9.2.12
version/postgresql/9.2.13
version/postgresql/9.2.14
version/postgresql/9.2.15
version/postgresql/9.2.16
version/postgresql/9.2.17
version/postgresql/9.3
version/postgresql/9.3.1
version/postgresql/9.3.2
version/postgresql/9.3.3
version/postgresql/9.3.4
version/postgresql/9.3.5
version/postgresql/9.3.6
version/postgresql/9.3.7
version/postgresql/9.3.8
version/postgresql/9.3.9
version/postgresql/9.3.10
version/postgresql/9.3.11
version/postgresql/9.3.12
version/postgresql/9.3.13
version/postgresql/9.4
version/postgresql/9.4.1
version/postgresql/9.4.2
version/postgresql/9.4.3
version/postgresql/9.4.4
version/postgresql/9.4.5
version/postgresql/9.4.6
version/postgresql/9.4.7
version/postgresql/9.4.8
version/postgresql/9.5
version/postgresql/9.5.1
version/postgresql/9.5.2
version/postgresql/9.5.3