CVE-2018-1053

NameCVE-2018-1053
DescriptionIn postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1271-1
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
postgresql-9.1 (PTS)jessie9.1.22-0+deb8u1fixed
jessie (security)9.1.16-0+deb8u1fixed
postgresql-9.4 (PTS)jessie9.4.18-0+deb8u1vulnerable
jessie (security)9.4.19-0+deb8u1vulnerable
postgresql-9.6 (PTS)stretch (security), stretch9.6.10-0+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-10source(unstable)10.2-1low
postgresql-9.1source(unstable)(unfixed)low
postgresql-9.1sourcejessie(not affected)
postgresql-9.1sourcewheezy9.1.24lts2-0+deb7u2lowDLA-1271-1
postgresql-9.4source(unstable)(unfixed)low
postgresql-9.6source(unstable)(unfixed)low
postgresql-9.6sourcestretch9.6.7-0+deb9u1low

Notes

[jessie] - postgresql-9.4 <no-dsa> (Minor issue)
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca

Search for package or bug name: Reporting problems