Vulnerability Details : CVE-2017-15097
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Vulnerability category: Gain privilege
Products affected by CVE-2017-15097
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15097
- 0.06%: Probability of exploitation activity in the next 30 days
- ~25%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2017-15097
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by:
  - nvd@nist.gov (Secondary)
  - secalert@redhat.com (Primary)
References for CVE-2017-15097
- https://access.redhat.com/errata/RHSA-2017:3404
  RHSA-2017:3404 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.securitytracker.com/id/1039983
  Red Hat PostgreSQL Race Condition in Initialization Scripts Lets Local Users Obtain Root Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:3403
  RHSA-2017:3403 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:3402
  RHSA-2017:3402 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097
  1508985 – (CVE-2017-15097) CVE-2017-15097 postgresql: Start scripts permit database administrator to modify root-owned files (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:3405
  RHSA-2017:3405 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)