vulnerability
Oracle Linux: CVE-2016-5424: ELSA-2016-2606: postgresql security and bug fix update (MODERATE)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:H/Au:M/C:C/I:C/A:C) | Aug 11, 2016 | Nov 9, 2016 | Nov 29, 2024 |
Severity
7
CVSS
(AV:N/AC:H/Au:M/C:C/I:C/A:C)
Published
Aug 11, 2016
Added
Nov 9, 2016
Modified
Nov 29, 2024
Description
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program.
A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program.
Solution(s)
oracle-linux-upgrade-postgresqloracle-linux-upgrade-postgresql-contriboracle-linux-upgrade-postgresql-develoracle-linux-upgrade-postgresql-docsoracle-linux-upgrade-postgresql-libsoracle-linux-upgrade-postgresql-plperloracle-linux-upgrade-postgresql-plpythonoracle-linux-upgrade-postgresql-pltcloracle-linux-upgrade-postgresql-serveroracle-linux-upgrade-postgresql-testoracle-linux-upgrade-postgresql-upgrade

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.