CVE-2018-1115

Published: 10 May 2018

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
postgresql-10
Launchpad, Ubuntu, Debian
Upstream
Released (10.4)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (10.4-0ubuntu0.18.04)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
postgresql-9.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
postgresql-9.5
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.6
Launchpad, Ubuntu, Debian
Upstream
Released (9.6.9)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist