Insecure Handling of Symbolic Links in Debian PostgreSQL Scripts

Insecure Handling of Symbolic Links in Debian PostgreSQL Scripts

CVE-2017-8806 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Learn more about our Cis Benchmark Audit For Debian Linux.