throbber
The Wayback Machine - https://web.archive.org/web/20190103092517/https://www.cvedetails.com/cve/CVE-2017-12172/
`
`CVE Details
`
`The ultimate security vulvterability datasource
`Log In Register
`
`(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
`
`Search
`
`[ View CVE
`
`Vulnerability Feeds & WidgetsNew
`
`www.itsecdb.com
`
`Switch to http/1
`Home
`Browse :
`Vendors
`Products
`Vulnerabilities By Date
`Vulnerabilities By Type
`Reports :
`CVSS Score Report
`CVSS Score Distribution
`Search :
`Vendor Search
`Product Search
`Version Search
`Vulnerability Search
`y Microsoft References
`Top 50 :
`Vendors
`Vendor Cvss Scores
`Products
`Product Cvss Scores
`Versions
`Other :
`Microsoft Bulletins
`Bugtraq Entries
`CWE Definitions
`About & Contact
`Feedback
`CVE Help
`
`Articles
`External Links :
`NVD Website
`CWE Web Site
`
`View CVE :
`
`Go
`(e.g.: CVE-2009-1234 or
`2010-1234 or 20101234)
`
`View BID :
`
`Go
`
`(e.g.: 12345)
`
`Search By Microsoft
`Reference ID:
`
`Go
`(e.g.: ms10-001 or
`979352)
`
`Vulnerability Details : CVE-2017-12172
`
`PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20,
`
`and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective
`
`ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database
`
`server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-
`
`authored startup implementations. Several implementations use a log file name that the database superuser can
`
`replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices
`
`for the database superuser to escalate to root privileges when root starts the server.
`
`Publish Date : 2017-11-22 Last Update Date : 2017-12-11
`
`•
`
`Collapse All Expand All Select Select&Copy
`
`Scroll To
`
`Comments
`
`External Links
`
`Search Twitter Search YouTube Search Google
`
`- CVSS Scores & Vulnerability Types
`
`CVSS Score
`
`7.2
`
`Confidentiality Impact
`
`Complete (There is total information disclosure, resulting in all system files being revealed.)
`
`Integrity Impact
`
`Availability Impact
`
`Access Complexity
`
`Authentication
`
`Gained Access
`
`Vulnerability Type(s)
`
`CWE ID
`
`Complete (There is a total compromise of system integrity. There is a complete loss of
`system protection, resulting in the entire system being compromised.)
`
`Complete (There is a total shutdown of the affected resource. The attacker can render the
`resource completely unavailable.)
`
`Low (Specialized access conditions or extenuating circumstances do not exist. Very little
`knowledge or skill is required to exploit. )
`
`Not required (Authentication is not required to exploit the vulnerability.)
`
`None
`
`59
`
`— Related OVAL Definitions
`
`RHSA-2017:3402: postgresql security update (Moderate) oval:com.redhat.rhsa:def: 20173402
`
`unix
`
`Title
`
`Definition Id
`
`Class Family
`
`OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch.
`Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.
`
`- Products Affected By CVE-2017-12172
`
`# Product Type Vendor
`
`Product Version Update Edition Language
`
`1 Application Postgresql Postgresql 9.2
`
`2 Application Postgresql Postgresql 9.2.1
`
`3 Application Postgresql Postgresql 9.2.2
`
`4 Application Postgresql Postgresql 9.2.3
`
`5 Application Postgresql Postgresql 9.2.4
`
`6 Application Postgresql Postgresql 9.2.5
`
`7 Application Postgresql Postgresql 9.2.6
`
`8 Application Postgresql Postgresql 9.2.7
`
`9 Application Postgresql Postgresql 9.2.8
`
`10 Application Postgresql Postgresql 9.2.9
`
`11 Application Postgresql Postgresql 9.2.10
`
`12 Application Postoresol Postgresol 9.2.11
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`WIZ, Inc. EXHIBIT - 1104
`WIZ, Inc. v. Orca Security LTD.
`
`

`

`13
`
`Application Postgresql Postgresql 9.2.12
`
`14
`
`Application Postgresql Postg=1 9.2.13
`
`15
`
`Application Postgresql Postgresql 9.2.14
`
`16
`
`Application Postgresql Postgresql 9.2.15
`
`17
`
`Application Postgresql Postgresql 9.2.16
`
`18
`
`Application Postgresql Postgresql 9.2.17
`
`19
`
`Application Postgresql Postgresql 9.2.18
`
`20
`
`Application Postgresql Postqresql 9.2.19
`
`21
`
`Application Postgresql Postgresql 9.2.20
`
`22 Application Postgresql Postgresql 9.2.21
`
`23 Application Postgresql Postgresql 9.2.22
`
`24
`
`Application Postgresql Postgresql 9.2.23
`
`25
`
`Application Postgresql Postgresql 9.3
`
`26
`
`Application Postqresql Postgresql 9.3.1
`
`27
`
`Application Postgresql Postgresql 9.3.2
`
`28
`
`Application Postgresql Postgresql 9.3.3
`
`29
`
`Application Postgresql Postgresql 9.3.4
`
`30
`
`Application Postgresql Postgresql 9.3.5
`
`31
`
`Application Postgresql Postgresql 9.3.6
`
`32
`
`Application Postgresql Postgresql 9.3.7
`
`33
`
`Application Postgresql Postgresql 9.3.8
`
`34
`
`Application Postgresql Postgresql 9.3.9
`
`35 Application Postgresql Postgresql 9.3.10
`
`36 Application Postgresql Postgresql 9.3.11
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`37
`
`Application Postgresql Postgresql 9.3.12
`
`38
`
`Application Postgresql Postgresql 9.3.13
`
`39
`
`Application Postqresql Postgresql 9.3.14
`
`40
`
`Application Postgresql Postgresql 9.3.15
`
`41 Application Postgresql Postgresql 9.3.16
`
`42 Application Postgresql Postgresql 9.3.17
`
`43
`
`Application Postgresql Postgresql 9.3.18
`
`44
`
`Application Postgresql Postgresql 9.3.19
`
`45
`
`Application Postgresql Postgresql 9.4
`
`46
`
`Application Postgresql Postgresql 9.4.1
`
`47 Application Postgresql Postgresql 9.4.2
`
`48 Application Postgresql Postgresql 9.4.3
`
`49 Application Postgresql Postgresql 9.4.4
`
`50
`
`Application Postgresql Postgresql 9.4.5
`
`51
`
`Application Postgresql Postgresql 9.4.6
`
`52
`
`Application Postgresql Postgresql 9.4.7
`
`53 Application Postgresql Postgresql 9.4.8
`
`54 Application Postgresql Postgresql 9.4.9
`
`55 Application Postqresql Postqresql 9.4.10
`
`56
`
`Application Postgresql Postgresql 9.4.11
`
`57
`
`Application Postgresql Postgresql 9.4.12
`
`58
`
`Application Postqresql Postqresql 9.4.13
`
`59
`
`Application Postgresql Postgresql 9.4.14
`
`60 Application Postgresql Postgresql 9.5
`
`61 Application Postgresql Postgresql 9.5.1
`
`62 Application Postgresql Postgresql 9.5.2
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`

`

`63 Application Postgresql Postgresgl 9.5.3
`
`64 Application Postgresql Postg=1 9.5.4
`
`65 Application Postgresql Postgresql 9.5.5
`
`66 Application Postgresql Postgresql 9.5.6
`
`67 Application Postgresql Postgresql 9.5.7
`
`68 Application Postgresql Postgresql 9.5.8
`
`69 Application Postgresql Postgresql 9.5.9
`
`70 Application Postgresql Postgresql 9.6
`
`71 Application Postgresql Postgresql 9.6.1
`
`72 Application Postgresql Postgresql 9.6.2
`
`73 Application Postal-esti! Posturesal 9.6.3
`
`74 Application Postgresql Postgresql 9.6.4
`
`75 Application Postgresql Postgresql 9.6.5
`
`76 Application Postgresql Postal-esti! 10
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`Version Details Vulnerabilities
`
`— Number Of Affected Versions By Product
`
`Vendor
`
`Product
`
`Vulnerable Versions
`
`Postgresql
`
`Postgresql
`
`- References For CVE-2017-12172
`
`https://www.postgi=Lorg&ipport security(
`
`76
`
`http://www.securityfocus.com/bid/101949
`BID 101949 PostgreSQL CVE-2017-12172 Remote Privilege Escalation Vulnerabilities Release Date:2017-12-01
`
`http://www.securitytracker.com/id/1039752
`SECTRACK 1039752
`
`https://access.redhat.com/errata/RHSA-2017:3402
`REDHAT RHSA-2017:3402
`
`https://access.redhat.com/errata/RHSA-2017:3405
`REDHAT RHSA-2017:3405
`
`http
`
`cpostgresql.org/about/news/1801/ CONFIRM
`
`https://access.redhat.com/errata/RHSA-2017:3404
`REDHAT RHSA-2017:3404
`
`https://access.redhat.com/errata/RHSA-2017:3403
`REDHAT RHSA-2017:3403
`
`— Metasploit Modules Related To CVE-2017-12172
`
`There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
`
`How does it work? Known limitations & technical details User agreement. disclaimer and privacy statement About & Contact Feedback
`CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the
`authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
`Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is
`at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY
`
`RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY
`DIRECT, INDIRECT or any other kind of loss.
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket