VIR Vulnerability Intelligence Relay

CVE-2016-1255

high
Published 2017-12-05 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.8

Description

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Predictions

Exploit likelihood
75%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debian7.0not-affected
debian debian8.0not-affected
ubuntu ubuntu12.04not-affected
ubuntu ubuntu14.04not-affected
ubuntu ubuntu16.04not-affected
ubuntu ubuntu17.04not-affected
ubuntu ubuntu17.10not-affected
debian debianbookwormfixed178
debian debianbullseyefixed178
debian debianforkyfixed178
debian debiansidfixed178
debian debiantrixiefixed178

Application impact
VendorProductVersionsFixed
debian debianpostgresql-common1
debian debianpostgresql-common2
debian debianpostgresql-common3
debian debianpostgresql-common4
debian debianpostgresql-common5
debian debianpostgresql-common6
debian debianpostgresql-common7
debian debianpostgresql-common8
debian debianpostgresql-common9
debian debianpostgresql-common10
debian debianpostgresql-common11
debian debianpostgresql-common12
debian debianpostgresql-common13
debian debianpostgresql-common14
debian debianpostgresql-common15
debian debianpostgresql-common16
debian debianpostgresql-common17
debian debianpostgresql-common18
debian debianpostgresql-common19
debian debianpostgresql-common20
debian debianpostgresql-common21
debian debianpostgresql-common22
debian debianpostgresql-common23
debian debianpostgresql-common24
debian debianpostgresql-common25
debian debianpostgresql-common26
debian debianpostgresql-common27
debian debianpostgresql-common28
debian debianpostgresql-common29
debian debianpostgresql-common30
debian debianpostgresql-common31
debian debianpostgresql-common32
debian debianpostgresql-common33
debian debianpostgresql-common34
debian debianpostgresql-common35
debian debianpostgresql-common36
debian debianpostgresql-common37
debian debianpostgresql-common38
debian debianpostgresql-common39
debian debianpostgresql-common40
debian debianpostgresql-common41
debian debianpostgresql-common42
debian debianpostgresql-common43
debian debianpostgresql-common44
debian debianpostgresql-common45
debian debianpostgresql-common46
debian debianpostgresql-common47
debian debianpostgresql-common48
debian debianpostgresql-common49
debian debianpostgresql-common50
debian debianpostgresql-common51
debian debianpostgresql-common52
debian debianpostgresql-common53
debian debianpostgresql-common54
debian debianpostgresql-common55
debian debianpostgresql-common56
debian debianpostgresql-common57
debian debianpostgresql-common58
debian debianpostgresql-common59
debian debianpostgresql-common60
debian debianpostgresql-common61
debian debianpostgresql-common62
debian debianpostgresql-common63
debian debianpostgresql-common64
debian debianpostgresql-common65
debian debianpostgresql-common66
debian debianpostgresql-common67
debian debianpostgresql-common68
debian debianpostgresql-common69
debian debianpostgresql-common70
debian debianpostgresql-common71
debian debianpostgresql-common72
debian debianpostgresql-common73
debian debianpostgresql-common74
debian debianpostgresql-common75
debian debianpostgresql-common76
debian debianpostgresql-common77
debian debianpostgresql-common78
debian debianpostgresql-common79
debian debianpostgresql-common80
debian debianpostgresql-common81
debian debianpostgresql-common82
debian debianpostgresql-common83
debian debianpostgresql-common84
debian debianpostgresql-common85
debian debianpostgresql-common86
debian debianpostgresql-common87
debian debianpostgresql-common88
debian debianpostgresql-common89
debian debianpostgresql-common90
debian debianpostgresql-common91
debian debianpostgresql-common92
debian debianpostgresql-common93
debian debianpostgresql-common94
debian debianpostgresql-common95
debian debianpostgresql-common96
debian debianpostgresql-common97
debian debianpostgresql-common98
debian debianpostgresql-common99
debian debianpostgresql-common100
debian debianpostgresql-common101
debian debianpostgresql-common102
debian debianpostgresql-common103
debian debianpostgresql-common104
debian debianpostgresql-common105
debian debianpostgresql-common106
debian debianpostgresql-common107
debian debianpostgresql-common108
debian debianpostgresql-common109
debian debianpostgresql-common110
debian debianpostgresql-common111
debian debianpostgresql-common112
debian debianpostgresql-common113
debian debianpostgresql-common114
debian debianpostgresql-common115
debian debianpostgresql-common116
debian debianpostgresql-common117
debian debianpostgresql-common118
debian debianpostgresql-common119
debian debianpostgresql-common120
debian debianpostgresql-common121
debian debianpostgresql-common122
debian debianpostgresql-common123
debian debianpostgresql-common124
debian debianpostgresql-common125
debian debianpostgresql-common126
debian debianpostgresql-common127
debian debianpostgresql-common128
debian debianpostgresql-common129
debian debianpostgresql-common130
debian debianpostgresql-common131
debian debianpostgresql-common132
debian debianpostgresql-common133
debian debianpostgresql-common134
debian debianpostgresql-common135
debian debianpostgresql-common136
debian debianpostgresql-common137
debian debianpostgresql-common138
debian debianpostgresql-common139
debian debianpostgresql-common140
debian debianpostgresql-common141
debian debianpostgresql-common142
debian debianpostgresql-common143
debian debianpostgresql-common144
debian debianpostgresql-common145
debian debianpostgresql-common146
debian debianpostgresql-common147
debian debianpostgresql-common148
debian debianpostgresql-common149
debian debianpostgresql-common150
debian debianpostgresql-common151
debian debianpostgresql-common152
debian debianpostgresql-common153
debian debianpostgresql-common154
debian debianpostgresql-common155
debian debianpostgresql-common156
debian debianpostgresql-common157
debian debianpostgresql-common158
debian debianpostgresql-common159
debian debianpostgresql-common160
debian debianpostgresql-common161
debian debianpostgresql-common162
debian debianpostgresql-common163
debian debianpostgresql-common164
debian debianpostgresql-common122ubuntu1
debian debianpostgresql-common129ubuntu1
debian debianpostgresql-common153bzr1
debian debianpostgresql-common154ubuntu1
debian debianpostgresql-common169git1
debian debianpostgresql-common170
debian debianpostgresql-common171
debian debianpostgresql-common172
debian debianpostgresql-common172ubuntu1
debian debianpostgresql-common173
debian debianpostgresql-common176\+git1
debian debianpostgresql-common177git1
debian debianpostgresql-common177ubuntu1
debian debianpostgresql-common178
debian debianpostgresql-common179
debian debianpostgresql-common181
debian debianpostgresql-common181ubuntu1
debian debianpostgresql-common183
debian debianpostgresql-common184
debian debianpostgresql-common184ubuntu1

References

CWEs

CWE-59

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.