Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2018-1053 |
Description: | In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.812955 1.3.6.1.4.1.25623.1.0.891271 1.3.6.1.4.1.25623.1.0.812954 1.3.6.1.4.1.25623.1.0.843732 1.3.6.1.4.1.25623.1.1.4.2018.0675.1 1.3.6.1.4.1.25623.1.1.4.2018.0507.1 1.3.6.1.4.1.25623.1.1.4.2018.0506.1 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1053 BugTraq ID: 102986 http://www.securityfocus.com/bid/102986 https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html RedHat Security Advisories: RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2511 RedHat Security Advisories: RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2566 RedHat Security Advisories: RHSA-2018:3816 https://access.redhat.com/errata/RHSA-2018:3816 https://usn.ubuntu.com/3564-1/ |