CVE-2016-0766

HIGH

PostgreSQL <9.1.20-9.5.1 - Privilege Escalation

Title source: llm

Description

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

References (17)

Core 17

Core References

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/docs/current/static/release-9-3-11.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/docs/current/static/release-9-2-15.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/docs/current/static/release-9-5-1.html

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201701-33

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/about/news/1644/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1035005

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/83184

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/docs/current/static/release-9-4-6.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2894-1

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html

Vendor Advisory x_refsource_confirm

http://www.postgresql.org/docs/current/static/release-9-1-20.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3476

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3475

Scores

CVSS v3 8.8

EPSS 0.0051

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (7)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.10

debian/debian_linux 7.0

debian/debian_linux 8.0

postgresql/postgresql 9.5

postgresql/postgresql 9.1.0 - 9.1.20

Published Feb 17, 2016

Tracked Since Feb 18, 2026