CVE-2017-8806
MEDIUMPostgreSQL-related scripts for Debian and Ubuntu - Arbitrary File Overwrite via Insecure Symbolic Link Handling
Title source: llmDescription
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
References (4)
Core 4
Core References
Broken Link, Issue Tracking, Third Party Advisory x_refsource_confirm
http://metadata.ftp-master.debian.org/changelogs/main/p/postgresql-common/postgresql-common_181+deb9u1_changelog
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101810
Issue Tracking, Third Party Advisory x_refsource_confirm
https://usn.ubuntu.com/usn/usn-3476-1/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://www.debian.org/security/2017/dsa-4029
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
31.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (2)
n/a/PostgreSQL-related scripts that are specific to Debian and Ubuntu
PostgreSQL-related scripts that are specific to Debian and Ubuntu
postgresql/postgresql
Published
Nov 13, 2017
Tracked Since
Feb 18, 2026