How severe is CVE-2017-12172?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2017-12172?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2017-12172

MEDIUM Year: 2017

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-59

View all →

Vulnerability Description

PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.

CVE-2009-1142

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory fu...

CWE-592009

CVE-2017-15097

MEDIUM

CVSS:6.7(Medium)

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the serve...

CWE-592017

CVE-2017-9525

MEDIUM

CVSS:6.7(Medium)

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks agai...

CWE-592017

CVE-2020-10665

MEDIUM

CVSS:6.7(Medium)

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwri...

CWE-592020

CVE-2021-35938

MEDIUM

CVSS:6.7(Medium)

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original ...

CWE-592021

CVE-2021-35939

MEDIUM

CVSS:6.7(Medium)

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns anot...

CWE-592021

CVE-2017-12172

Vulnerability Description

Related Vulnerabilities

CVE-2009-1142

CVE-2017-15097

CVE-2017-9525

CVE-2020-10665

CVE-2021-35938

CVE-2021-35939