UNIX Symbolic Link (Symlink) Following

CVE-2017-14798

High

7.3/10

Summary

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

Advisory Timeline

Published Mar 01, 2018

UNIX Symbolic Link (Symlink) Following

CVE-2017-14798

Summary

CWE-61 - UNIX Symbolic Link (Symlink) Following

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS