CVE-2018-1053

Impact:
Moderate
Public Date:
2018-02-08
CWE:
CWE-377
Bugzilla:
1539619: CVE-2018-1053 postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g`, using the umask that was in effect when the user invoked pg_upgrade rather than the 0077 mode it normally uses for its other temporary files. This can allow an authenticated attacker to read or modify the file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if the directory mode prevents the attacker from searching the current working directory, or if the prevailing umask prevents the attacker from opening the file.
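As an added illustration (not part of this advisory or of PostgreSQL's own code) of why the prevailing umask decides who can read such a file: the helper below creates a file the way a umask-dependent program does (open with mode 0666 and let the umask trim the bits), then reports which group/other permission bits survive. The file names are constructed, and 0o022 is assumed as a typical interactive default umask.

```python
import os
import stat
import tempfile

# Any group or other access on a dump containing credentials is a finding.
SENSITIVE_BITS = stat.S_IRWXG | stat.S_IRWXO


def create_under_umask(path, umask):
    """Create `path` like a program that relies on the prevailing umask:
    request 0666 and let the umask remove bits. Returns the resulting mode."""
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def exposed_mode_bits(path):
    """Return the group/other bits set on `path`; 0 means owner-only access."""
    return stat.S_IMODE(os.stat(path).st_mode) & SENSITIVE_BITS


def demo():
    """Create the same kind of file under a loose and a strict umask and
    return (mode_loose, mode_strict, exposed_loose, exposed_strict)."""
    with tempfile.TemporaryDirectory() as workdir:
        loose = os.path.join(workdir, "globals_dump_loose.sql")   # constructed name
        strict = os.path.join(workdir, "globals_dump_strict.sql")  # constructed name
        mode_loose = create_under_umask(loose, 0o022)   # assumed interactive default
        mode_strict = create_under_umask(strict, 0o077)  # mode pg_upgrade uses elsewhere
        return (mode_loose, mode_strict,
                exposed_mode_bits(loose), exposed_mode_bits(strict))


if __name__ == "__main__":
    m_loose, m_strict, x_loose, x_strict = demo()
    print("umask 022 -> mode %o, exposed bits %o" % (m_loose, x_loose))
    print("umask 077 -> mode %o, exposed bits %o" % (m_strict, x_strict))
```

Running the upgrade from a directory other users cannot search, or with `umask 077` in effect, is exactly the condition the advisory names as blocking the attack; `exposed_mode_bits` is the check an operator can run afterwards on the dump file left behind.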

Find out more about CVE-2018-1053 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the versions of PostgreSQL 9.x as shipped with Red Hat Satellite 5.x and CloudForms 5.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score are preliminary and subject to review.

CVSS3 Base Score 6.7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql10-postgresql Under investigation
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql95-postgresql Under investigation
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql96-postgresql Under investigation
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql94-postgresql Under investigation
Red Hat Single Sign-On 7 postgresql Not affected
Red Hat Satellite 5 postgresql95-postgresql Will not fix
Red Hat Mobile Application Platform On-Premise 4 postgresql Not affected
Red Hat JBoss Operations Network 3 postgresql Not affected
Red Hat JBoss Fuse Service Works 6 postgresql Not affected
Red Hat Enterprise Linux 7 postgresql Not affected
Red Hat Enterprise Linux 6 postgresql Not affected
Red Hat Enterprise Linux 5 postgresql84 Not affected
Red Hat Enterprise Linux 5 postgresql Not affected

Acknowledgements

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.
