Strix
26.1K

CVE-2016-1255

UnknownEPSS 0.42%

Last modified

CVE-2016-1255 is a vulnerability of currently unknown severity. The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Metrics

EPSS Probability
0.42%

33.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DebianPostgresql-Common1
DebianPostgresql-Common2
DebianPostgresql-Common3
DebianPostgresql-Common4
DebianPostgresql-Common5
DebianPostgresql-Common6
DebianPostgresql-Common7
DebianPostgresql-Common8
DebianPostgresql-Common9
DebianPostgresql-Common10
DebianPostgresql-Common11
DebianPostgresql-Common12
DebianPostgresql-Common13
DebianPostgresql-Common14
DebianPostgresql-Common15
DebianPostgresql-Common16
DebianPostgresql-Common17
DebianPostgresql-Common18
DebianPostgresql-Common19
DebianPostgresql-Common20
DebianPostgresql-Common21
DebianPostgresql-Common22
DebianPostgresql-Common23
DebianPostgresql-Common24
DebianPostgresql-Common25
DebianPostgresql-Common26
DebianPostgresql-Common27
DebianPostgresql-Common28
DebianPostgresql-Common29
DebianPostgresql-Common30
DebianPostgresql-Common31
DebianPostgresql-Common32
DebianPostgresql-Common33
DebianPostgresql-Common34
DebianPostgresql-Common35
DebianPostgresql-Common36
DebianPostgresql-Common37
DebianPostgresql-Common38
DebianPostgresql-Common39
DebianPostgresql-Common40
DebianPostgresql-Common41
DebianPostgresql-Common42
DebianPostgresql-Common43
DebianPostgresql-Common44
DebianPostgresql-Common45
DebianPostgresql-Common46
DebianPostgresql-Common47
DebianPostgresql-Common48
DebianPostgresql-Common49
DebianPostgresql-Common50

Showing 50 of 184 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-1255?
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
How severe is CVE-2016-1255?
Severity scoring for CVE-2016-1255 is pending analysis. The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2016-1255?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1255?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST