Debian Postgresql-common CVE-2017-8806 Multiple Insecure Temporary File Handling Vulnerabilities



Debian PostgreSQL-common is prone to multiple insecure-temporary-file handling vulnerabilities.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files or cause a denial-of-service condition.

Information

Bugtraq ID: 101810
Class: Design Error
CVE: CVE-2017-8806

Remote: No
Local: Yes
Published: Nov 13 2017 12:00AM
Updated: Nov 15 2017 02:07PM
Credit: Christoph Berg
Vulnerable: Ubuntu Ubuntu Linux 17.10
Ubuntu Ubuntu Linux 17.04
Ubuntu Ubuntu Linux 16.04 LTS
Debian postgresql-common 181
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 ia-30
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Debian Linux 6


Not Vulnerable: Debian postgresql-common 181+deb9u1


Exploit


Attackers can use standard commands to exploit these issues.


References:

Related Posts