VYPR
High severity7.8NVD Advisory· Published Dec 5, 2017· Updated Jun 17, 2026

CVE-2016-1255

CVE-2016-1255

Description

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Affected products

186
  • cpe:2.3:a:debian:postgresql-common:1:*:*:*:*:*:*:*+ 184 more
    • cpe:2.3:a:debian:postgresql-common:1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:10:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:100:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:101:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:102:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:103:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:104:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:105:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:106:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:107:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:108:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:109:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:11:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:110:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:111:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:112:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:113:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:114:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:115:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:116:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:117:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:118:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:119:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:12:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:120:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:121:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:122:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:122ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:123:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:124:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:125:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:126:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:127:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:128:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:129:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:129ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:13:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:130:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:131:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:132:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:133:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:134:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:135:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:136:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:137:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:138:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:139:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:14:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:140:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:141:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:142:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:143:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:144:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:145:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:146:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:147:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:148:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:149:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:15:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:150:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:151:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:152:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:153:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:153bzr1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:154:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:154ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:155:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:156:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:157:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:158:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:159:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:16:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:160:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:161:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:162:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:163:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:164:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:169git1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:17:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:170:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:171:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:172:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:172ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:173:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:176\+git1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:177git1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:177ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:178:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:179:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:18:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:181:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:181ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:183:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:184:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:184ubuntu1:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:19:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:2:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:20:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:21:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:22:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:23:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:24:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:25:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:26:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:27:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:28:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:29:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:3:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:30:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:31:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:32:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:33:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:34:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:35:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:36:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:37:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:38:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:39:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:4:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:40:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:41:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:42:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:43:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:44:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:45:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:46:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:47:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:48:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:49:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:5:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:50:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:51:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:52:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:53:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:54:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:55:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:56:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:57:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:58:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:59:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:6:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:60:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:61:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:62:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:63:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:64:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:65:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:66:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:67:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:68:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:69:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:7:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:70:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:71:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:72:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:73:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:74:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:75:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:76:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:77:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:78:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:79:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:8:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:80:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:81:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:82:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:83:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:84:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:85:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:86:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:87:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:88:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:89:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:9:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:90:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:91:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:92:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:93:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:94:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:95:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:96:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:97:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:98:*:*:*:*:*:*:*
    • cpe:2.3:a:debian:postgresql-common:99:*:*:*:*:*:*:*
    • (no CPE)range: <134wheezy5
  • Range: <129ubuntu1.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.