The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
References
Link | Resource |
---|---|
https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/ | Exploit Patch Third Party Advisory |
https://usn.ubuntu.com/4194-2/ | |
https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/ | Exploit Patch Third Party Advisory |
https://usn.ubuntu.com/4194-2/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/ - Exploit, Patch, Third Party Advisory | |
References | () https://usn.ubuntu.com/4194-2/ - |
Information
Published : 2019-11-20 18:15
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3466
Mitre link : CVE-2019-3466
CVE.ORG link : CVE-2019-3466
JSON object : View
Products Affected
canonical
- ubuntu_linux
postgresql
- postgresql-common
debian
- debian_linux
CWE
CWE-269
Improper Privilege Management