High severity7.8NVD Advisory· Published Dec 5, 2017· Updated Jun 17, 2026
CVE-2016-1255
CVE-2016-1255
Description
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
Affected products
186cpe:2.3:a:debian:postgresql-common:1:*:*:*:*:*:*:*+ 184 more
- cpe:2.3:a:debian:postgresql-common:1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:100:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:101:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:102:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:103:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:104:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:105:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:106:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:107:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:108:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:109:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:110:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:111:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:112:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:113:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:114:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:115:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:116:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:117:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:118:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:119:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:120:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:121:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:122:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:122ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:123:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:124:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:125:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:126:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:127:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:128:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:129:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:129ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:130:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:131:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:132:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:133:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:134:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:135:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:136:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:137:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:138:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:139:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:140:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:141:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:142:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:143:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:144:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:145:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:146:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:147:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:148:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:149:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:150:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:151:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:152:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:153:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:153bzr1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:154:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:154ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:155:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:156:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:157:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:158:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:159:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:160:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:161:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:162:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:163:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:164:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:169git1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:170:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:171:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:172:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:172ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:173:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:176\+git1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:177git1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:177ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:178:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:179:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:181:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:181ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:183:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:184:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:184ubuntu1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:29:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:30:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:31:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:32:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:33:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:34:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:35:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:36:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:37:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:38:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:39:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:40:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:41:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:42:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:43:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:44:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:45:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:46:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:47:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:48:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:49:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:50:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:51:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:52:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:53:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:54:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:55:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:56:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:57:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:58:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:59:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:60:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:61:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:62:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:63:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:64:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:65:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:66:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:67:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:68:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:69:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:70:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:71:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:72:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:73:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:74:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:75:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:76:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:77:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:78:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:79:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:80:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:81:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:82:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:83:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:84:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:85:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:86:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:87:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:88:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:89:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:90:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:91:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:92:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:93:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:94:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:95:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:96:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:97:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:98:*:*:*:*:*:*:*
- cpe:2.3:a:debian:postgresql-common:99:*:*:*:*:*:*:*
- (no CPE)range: <134wheezy5
- Range: <129ubuntu1.2
Patches
Vulnerability mechanics
References
4- anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/nvdIssue TrackingPatchVendor Advisory
- www.ubuntu.com/usn/USN-3476-1nvdIssue TrackingThird Party Advisory
- www.ubuntu.com/usn/USN-3476-2nvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2017/01/msg00002.htmlnvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.