CVE-2017-12172
First published: Wed Oct 04 2017(Updated: )
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/postgresql | <9.2.24 | 9.2.24 |
| redhat/postgresql | <9.3.20 | 9.3.20 |
| redhat/postgresql | <9.4.15 | 9.4.15 |
| redhat/postgresql | <9.5.10 | 9.5.10 |
| redhat/postgresql | <9.6.6 | 9.6.6 |
| redhat/postgresql | <10.1 | 10.1 |
| PostgreSQL Common | =9.2 | |
| PostgreSQL Common | =9.2.1 | |
| PostgreSQL Common | =9.2.2 | |
| PostgreSQL Common | =9.2.3 | |
| PostgreSQL Common | =9.2.4 | |
| PostgreSQL Common | =9.2.5 | |
| PostgreSQL Common | =9.2.6 | |
| PostgreSQL Common | =9.2.7 | |
| PostgreSQL Common | =9.2.8 | |
| PostgreSQL Common | =9.2.9 | |
| PostgreSQL Common | =9.2.10 | |
| PostgreSQL Common | =9.2.11 | |
| PostgreSQL Common | =9.2.12 | |
| PostgreSQL Common | =9.2.13 | |
| PostgreSQL Common | =9.2.14 | |
| PostgreSQL Common | =9.2.15 | |
| PostgreSQL Common | =9.2.16 | |
| PostgreSQL Common | =9.2.17 | |
| PostgreSQL Common | =9.2.18 | |
| PostgreSQL Common | =9.2.19 | |
| PostgreSQL Common | =9.2.20 | |
| PostgreSQL Common | =9.2.21 | |
| PostgreSQL Common | =9.2.22 | |
| PostgreSQL Common | =9.2.23 | |
| PostgreSQL Common | =9.3 | |
| PostgreSQL Common | =9.3.1 | |
| PostgreSQL Common | =9.3.2 | |
| PostgreSQL Common | =9.3.3 | |
| PostgreSQL Common | =9.3.4 | |
| PostgreSQL Common | =9.3.5 | |
| PostgreSQL Common | =9.3.6 | |
| PostgreSQL Common | =9.3.7 | |
| PostgreSQL Common | =9.3.8 | |
| PostgreSQL Common | =9.3.9 | |
| PostgreSQL Common | =9.3.10 | |
| PostgreSQL Common | =9.3.11 | |
| PostgreSQL Common | =9.3.12 | |
| PostgreSQL Common | =9.3.13 | |
| PostgreSQL Common | =9.3.14 | |
| PostgreSQL Common | =9.3.15 | |
| PostgreSQL Common | =9.3.16 | |
| PostgreSQL Common | =9.3.17 | |
| PostgreSQL Common | =9.3.18 | |
| PostgreSQL Common | =9.3.19 | |
| PostgreSQL Common | =9.4 | |
| PostgreSQL Common | =9.4.1 | |
| PostgreSQL Common | =9.4.2 | |
| PostgreSQL Common | =9.4.3 | |
| PostgreSQL Common | =9.4.4 | |
| PostgreSQL Common | =9.4.5 | |
| PostgreSQL Common | =9.4.6 | |
| PostgreSQL Common | =9.4.7 | |
| PostgreSQL Common | =9.4.8 | |
| PostgreSQL Common | =9.4.9 | |
| PostgreSQL Common | =9.4.10 | |
| PostgreSQL Common | =9.4.11 | |
| PostgreSQL Common | =9.4.12 | |
| PostgreSQL Common | =9.4.13 | |
| PostgreSQL Common | =9.4.14 | |
| PostgreSQL Common | =9.5 | |
| PostgreSQL Common | =9.5.1 | |
| PostgreSQL Common | =9.5.2 | |
| PostgreSQL Common | =9.5.3 | |
| PostgreSQL Common | =9.5.4 | |
| PostgreSQL Common | =9.5.5 | |
| PostgreSQL Common | =9.5.6 | |
| PostgreSQL Common | =9.5.7 | |
| PostgreSQL Common | =9.5.8 | |
| PostgreSQL Common | =9.5.9 | |
| PostgreSQL Common | =9.6 | |
| PostgreSQL Common | =9.6.1 | |
| PostgreSQL Common | =9.6.2 | |
| PostgreSQL Common | =9.6.3 | |
| PostgreSQL Common | =9.6.4 | |
| PostgreSQL Common | =9.6.5 | |
| PostgreSQL Common | =10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101949
- http://www.securitytracker.com/id/1039752
- https://access.redhat.com/errata/RHSA-2017:3402
- https://access.redhat.com/errata/RHSA-2017:3403
- https://access.redhat.com/errata/RHSA-2017:3404
- https://access.redhat.com/errata/RHSA-2017:3405
- https://www.postgresql.org/about/news/1801/
- https://www.postgresql.org/support/security/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1342437&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1342437&action=edit
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=contrib/start-scripts/linux;h=763a8064#l95
- http://pkgs.fedoraproject.org/cgit/rpms/postgresql.git/tree/postgresql.init?h=f7#n181
- http://pkgs.fedoraproject.org/cgit/rpms/postgresql.git/tree/postgresql.init?h=f7#n247
- https://github.com/devexp-db/postgresql-setup/blob/v5.1/share/postgresql-setup/library.sh.in#L135-L137
- https://github.com/devexp-db/postgresql-setup/blob/v5.1/postgresql-setup.in#L148
- https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=dfc015dcf46c1996bd7ed5866e9e045d258604b3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1516000
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1515999
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1516002
- https://github.com/devexp-db/postgresql-setup/commit/86e6bb803775f889a3f100811b7038a3f4eb8519
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi?id=1498394
Frequently Asked Questions
What is the severity of CVE-2017-12172?
CVE-2017-12172 has a high severity rating as it allows database superusers to execute arbitrary code.
How do I fix CVE-2017-12172?
To fix CVE-2017-12172, upgrade PostgreSQL to version 10.1 or later, 9.6.6 or later, 9.5.10 or later, 9.4.15 or later, 9.3.20 or later, or 9.2.24 or later.
What versions of PostgreSQL are affected by CVE-2017-12172?
CVE-2017-12172 affects PostgreSQL versions up to 10.0, 9.6.5, 9.5.9, 9.4.14, 9.3.19, and 9.2.23.
What causes the vulnerability in CVE-2017-12172?
The vulnerability in CVE-2017-12172 is caused by PostgreSQL running under a non-root operating system account, allowing superusers to exploit it.
Is there a workaround for CVE-2017-12172 if I cannot upgrade?
Currently, there isn't a recommended workaround for CVE-2017-12172 except to upgrade to a patched version of PostgreSQL.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-12172
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/9.2
- version/postgresql common/9.2.1
- version/postgresql common/9.2.2
- version/postgresql common/9.2.3
- version/postgresql common/9.2.4
- version/postgresql common/9.2.5
- version/postgresql common/9.2.6
- version/postgresql common/9.2.7
- version/postgresql common/9.2.8
- version/postgresql common/9.2.9
- version/postgresql common/9.2.10
- version/postgresql common/9.2.11
- version/postgresql common/9.2.12
- version/postgresql common/9.2.13
- version/postgresql common/9.2.14
- version/postgresql common/9.2.15
- version/postgresql common/9.2.16
- version/postgresql common/9.2.17
- version/postgresql common/9.2.18
- version/postgresql common/9.2.19
- version/postgresql common/9.2.20
- version/postgresql common/9.2.21
- version/postgresql common/9.2.22
- version/postgresql common/9.2.23
- version/postgresql common/9.3
- version/postgresql common/9.3.1
- version/postgresql common/9.3.2
- version/postgresql common/9.3.3
- version/postgresql common/9.3.4
- version/postgresql common/9.3.5
- version/postgresql common/9.3.6
- version/postgresql common/9.3.7
- version/postgresql common/9.3.8
- version/postgresql common/9.3.9
- version/postgresql common/9.3.10
- version/postgresql common/9.3.11
- version/postgresql common/9.3.12
- version/postgresql common/9.3.13
- version/postgresql common/9.3.14
- version/postgresql common/9.3.15
- version/postgresql common/9.3.16
- version/postgresql common/9.3.17
- version/postgresql common/9.3.18
- version/postgresql common/9.3.19
- version/postgresql common/9.4
- version/postgresql common/9.4.1
- version/postgresql common/9.4.2
- version/postgresql common/9.4.3
- version/postgresql common/9.4.4
- version/postgresql common/9.4.5
- version/postgresql common/9.4.6
- version/postgresql common/9.4.7
- version/postgresql common/9.4.8
- version/postgresql common/9.4.9
- version/postgresql common/9.4.10
- version/postgresql common/9.4.11
- version/postgresql common/9.4.12
- version/postgresql common/9.4.13
- version/postgresql common/9.4.14
- version/postgresql common/9.5
- version/postgresql common/9.5.1
- version/postgresql common/9.5.2
- version/postgresql common/9.5.3
- version/postgresql common/9.5.4
- version/postgresql common/9.5.5
- version/postgresql common/9.5.6
- version/postgresql common/9.5.7
- version/postgresql common/9.5.8
- version/postgresql common/9.5.9
- version/postgresql common/9.6
- version/postgresql common/9.6.1
- version/postgresql common/9.6.2
- version/postgresql common/9.6.3
- version/postgresql common/9.6.4
- version/postgresql common/9.6.5
- version/postgresql common/10