CVE-2016-1255
PUBLISHED
The pg_ctlcluster script in the postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
EPSS 0.03% · 10.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | postgresql-common | 154ubuntu1, 148, 150 |
| Ubuntu:16.04:LTS | postgresql-common | 170, 171, 172 |
Timeline
- Dec 20, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-1255 third-party-advisory
- https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/log/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3476-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3476-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-1255 third-party-advisory