CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
postgresql
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-contrib
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-devel
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-docs
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-libs
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-plperl
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-plpython
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-pltcl
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-server
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-static
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-test
RHEL 7
0:9.2.23-3.el7_4
fixed
postgresql-upgrade
RHEL 7
0:9.2.23-3.el7_4
fixed
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1039983
https://access.redhat.com/errata/RHSA-2017:3402
https://access.redhat.com/errata/RHSA-2017:3403
https://access.redhat.com/errata/RHSA-2017:3404
https://access.redhat.com/errata/RHSA-2017:3405
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097
http://www.securitytracker.com/id/1039983
https://access.redhat.com/errata/RHSA-2017:3402
https://access.redhat.com/errata/RHSA-2017:3403
https://access.redhat.com/errata/RHSA-2017:3404
https://access.redhat.com/errata/RHSA-2017:3405
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097