漏洞类别:Local
漏洞等级: 
漏洞信息
PostgreSQL, often simply Postgres, is an object-relational database management system (ORDBMS).
Following vulnerabilities are fixed:
CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
Affected Versions:
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 QID Detection Logic(Authenticated)
This checks for vulnerable versions of PostgreSQL.
漏洞危害
On successful exploitation it often suffices for the database superuser to escalate to root privileges when root starts the server.
解决方案
Vendor has released fix. Refer advisory here
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论