CVE-2018-1115

Name
CVE-2018-1115
Description
PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
NVD Severity
high

References

Type | URI
Patch | https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7b34740
Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1115
Third Party Advisory | http://www.securityfocus.com/bid/104285
Third Party Advisory | https://access.redhat.com/errata/RHSA-2018:2566
Third Party Advisory | https://access.redhat.com/errata/RHSA-2018:2565
Third Party Advisory | https://security.gentoo.org/glsa/201810-08
Mailing List | http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | postgresql | >= 10.0 | < 10.4
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* | postgresql | >= None | < 9.6.9

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status