Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-1058 |
CWE-ID | CWE-427 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
postgresql (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10810
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1058
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the pg_dump function due to improper security restrictions. A local attacker can submit a malicious function in separate namespaces and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionspostgresql (Alpine package): 9.4.11-r0 - 9.5.11-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
http://git.alpinelinux.org/aports/commit/?id=c2110f5a7667d71596172fb142d3a573bb958c83
http://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
http://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
http://git.alpinelinux.org/aports/commit/?id=a45f08a77099d6808f80e50d6dbc853fcd710cdb
http://git.alpinelinux.org/aports/commit/?id=624b75626de3a26e8b8af8fb50e6923d00562d04
http://git.alpinelinux.org/aports/commit/?id=311beaa3b05e1d5dfd1a3eedff4315f03ec9cc3e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.