CVE-2017-14798

HIGH

PostgreSQL - Privilege Escalation via Race Condition in Init Script


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14798. PoCs published by Johannes Segitz.

AI-analyzed exploit summary: This exploit leverages a symbolic link vulnerability in PostgreSQL's data directory initialization to escalate privileges. By replacing the data directory with a symlink to /etc/cron.hourly, the attacker gains write access to cron jobs, allowing arbitrary command execution as root.

Description

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

Exploits (1)

exploitdb WORKING POC
by Johannes Segitz · bash · local · linux
https://www.exploit-db.com/exploits/45184


Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: PostgreSQL before postgresql-init-9.4-0.5.3.1
Auth required
Prerequisites: Access to the 'postgres' user account · Ability to restart the PostgreSQL service
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45184/
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1062722
Various Sources x_refsource_confirm
https://www.suse.com/de-de/security/cve/CVE-2017-14798/

Scores

CVSS v3 7.3
EPSS 0.0098
EPSS Percentile 57.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-362, CWE-61
Status published
Products (2)
postgresql/postgresql < 9.4-0.5.3.1
suse/suse_linux_enterprise_server 11 sp3
Published Mar 01, 2018
Tracked Since Feb 18, 2026