CVE-2016-5424 Information

Description

PostgreSQL before 9.1.23 9.2.x before 9.2.18 9.3.x before 9.3.14 9.4.x before 9.4.9 and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \ (double quote) (2) \ (backslash) (3) carriage return or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92435 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201701-33 https://www.postgresql.org/about/news/1688/ https://www.postgresql.org/docs/current/static/release-9-1-23.html https://www.postgresql.org/docs/current/static/release-9-2-18.html https://www.postgresql.org/docs/current/static/release-9-3-14.html https://www.postgresql.org/docs/current/static/release-9-4-9.html https://www.postgresql.org/docs/current/static/release-9-5-4.html

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1