CVE-2016-5424
Published: 11 August 2016
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postgresql-8.4 Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
precise |
Released
(9.1.23-0ubuntu0.12.04)
|
| trusty |
Released
(9.1.23-0ubuntu0.14.04)
|
|
| upstream |
Released
(9.1.23)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.3 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Released
(9.3.14-0ubuntu0.14.04)
|
|
| upstream |
Released
(9.3.14)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.5 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Released
(9.5.4)
|
|
| xenial |
Released
(9.5.4-0ubuntu0.16.04)
|
|
| yakkety |
Not vulnerable
(9.5.4-1)
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |