CVE-2018-1053

CVE-2018-1053

Name

CVE-2018-1053

Description

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://www.postgresql.org/about/news/1829/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html
Third Party Advisory	http://www.securityfocus.com/bid/102986
Third Party Advisory	https://usn.ubuntu.com/3564-1/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2511
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3816

Type

URI

Patch

https://www.postgresql.org/about/news/1829/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html

Third Party Advisory

http://www.securityfocus.com/bid/102986

Third Party Advisory

https://usn.ubuntu.com/3564-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2511

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2566

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3816

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.4.0	< 9.4.16
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.6.0	< 9.6.7
`cpe:2.3:a:postgresql:postgresql:10.1:::::::*`	postgresql	== None	== 10.1
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.3.0	< 9.3.21
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 9.5.0	< 9.5.11
`cpe:2.3:a:postgresql:postgresql:10.0:::::::*`	postgresql	== None	== 10.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

postgresql

>= 9.4.0

< 9.4.16

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

postgresql

>= 9.6.0

< 9.6.7

cpe:2.3:a:postgresql:postgresql:10.1:*:*:*:*:*:*:*

postgresql

== None

== 10.1

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

postgresql

>= 9.3.0

< 9.3.21

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

postgresql

>= 9.5.0

< 9.5.11

cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*

postgresql

== None

== 10.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
postgresql15	edge-main	10.2-r0	None	fixed
postgresql15	edge-community	10.2-r0	None	fixed
postgresql15	3.20-main	10.2-r0	None	fixed
postgresql15	3.19-main	10.2-r0	None	fixed
postgresql15	3.18-main	10.2-r0	None	fixed
postgresql15	3.17-main	10.2-r0	None	fixed
postgresql14	edge-main	10.2-r0	None	fixed
postgresql14	edge-community	10.2-r0	None	fixed
postgresql14	3.20-community	10.2-r0	None	fixed
postgresql14	3.19-community	10.2-r0	None	fixed
postgresql14	3.18-main	10.2-r0	None	fixed
postgresql14	3.17-main	10.2-r0	None	fixed
postgresql	edge-main	10.2-r0	None	fixed
postgresql	edge-main	10.1-r0	None	possibly vulnerable
postgresql	edge-main	9.6.4-r0	None	possibly vulnerable
postgresql	edge-main	9.6.3-r0	None	possibly vulnerable
postgresql	3.12-main	10.2-r0	None	fixed
postgresql	3.11-main	10.2-r0	None	fixed
postgresql	3.10-main	10.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

postgresql15

edge-main

10.2-r0

None

fixed

postgresql15

edge-community