CVE-2016-5424

Sažetak

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Reference

http://rhn.redhat.com/errata/RHSA-2016-1781.html
http://rhn.redhat.com/errata/RHSA-2016-1820.html
http://rhn.redhat.com/errata/RHSA-2016-1821.html
http://rhn.redhat.com/errata/RHSA-2016-2606.html
http://www.debian.org/security/2016/dsa-3646
http://www.securityfocus.com/bid/92435
http://www.securitytracker.com/id/1036617
https://access.redhat.com/errata/RHSA-2017:2425
https://security.gentoo.org/glsa/201701-33
https://www.postgresql.org/about/news/1688/
https://www.postgresql.org/docs/current/static/release-9-1-23.html
https://www.postgresql.org/docs/current/static/release-9-2-18.html
https://www.postgresql.org/docs/current/static/release-9-3-14.html
https://www.postgresql.org/docs/current/static/release-9-4-9.html
https://www.postgresql.org/docs/current/static/release-9-5-4.html

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-01-2018 - 02:31

Objavljeno

09-12-2016 - 23:59