Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1255

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 3 products from debian, from debian, from canonical organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-12-05T16:29:00.373

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	debian	postgresql-common	1	Yes
Application	debian	postgresql-common	2	Yes
Application	debian	postgresql-common	3	Yes
Application	debian	postgresql-common	4	Yes
Application	debian	postgresql-common	5	Yes
Application	debian	postgresql-common	6	Yes
Application	debian	postgresql-common	7	Yes
Application	debian	postgresql-common	8	Yes
Application	debian	postgresql-common	9	Yes
Application	debian	postgresql-common	10	Yes
Application	debian	postgresql-common	11	Yes
Application	debian	postgresql-common	12	Yes
Application	debian	postgresql-common	13	Yes
Application	debian	postgresql-common	14	Yes
Application	debian	postgresql-common	15	Yes
Application	debian	postgresql-common	16	Yes
Application	debian	postgresql-common	17	Yes
Application	debian	postgresql-common	18	Yes
Application	debian	postgresql-common	19	Yes
Application	debian	postgresql-common	20	Yes
Application	debian	postgresql-common	21	Yes
Application	debian	postgresql-common	22	Yes
Application	debian	postgresql-common	23	Yes
Application	debian	postgresql-common	24	Yes
Application	debian	postgresql-common	25	Yes
Application	debian	postgresql-common	26	Yes
Application	debian	postgresql-common	27	Yes
Application	debian	postgresql-common	28	Yes
Application	debian	postgresql-common	29	Yes
Application	debian	postgresql-common	30	Yes
Application	debian	postgresql-common	31	Yes
Application	debian	postgresql-common	32	Yes
Application	debian	postgresql-common	33	Yes
Application	debian	postgresql-common	34	Yes
Application	debian	postgresql-common	35	Yes
Application	debian	postgresql-common	36	Yes
Application	debian	postgresql-common	37	Yes
Application	debian	postgresql-common	38	Yes
Application	debian	postgresql-common	39	Yes
Application	debian	postgresql-common	40	Yes
Application	debian	postgresql-common	41	Yes
Application	debian	postgresql-common	42	Yes
Application	debian	postgresql-common	43	Yes
Application	debian	postgresql-common	44	Yes
Application	debian	postgresql-common	45	Yes
Application	debian	postgresql-common	46	Yes
Application	debian	postgresql-common	47	Yes
Application	debian	postgresql-common	48	Yes
Application	debian	postgresql-common	49	Yes
Application	debian	postgresql-common	50	Yes
Application	debian	postgresql-common	51	Yes
Application	debian	postgresql-common	52	Yes
Application	debian	postgresql-common	53	Yes
Application	debian	postgresql-common	54	Yes
Application	debian	postgresql-common	55	Yes
Application	debian	postgresql-common	56	Yes
Application	debian	postgresql-common	57	Yes
Application	debian	postgresql-common	58	Yes
Application	debian	postgresql-common	59	Yes
Application	debian	postgresql-common	60	Yes
Application	debian	postgresql-common	61	Yes
Application	debian	postgresql-common	62	Yes
Application	debian	postgresql-common	63	Yes
Application	debian	postgresql-common	64	Yes
Application	debian	postgresql-common	65	Yes
Application	debian	postgresql-common	66	Yes
Application	debian	postgresql-common	67	Yes
Application	debian	postgresql-common	68	Yes
Application	debian	postgresql-common	69	Yes
Application	debian	postgresql-common	70	Yes
Application	debian	postgresql-common	71	Yes
Application	debian	postgresql-common	72	Yes
Application	debian	postgresql-common	73	Yes
Application	debian	postgresql-common	74	Yes
Application	debian	postgresql-common	75	Yes
Application	debian	postgresql-common	76	Yes
Application	debian	postgresql-common	77	Yes
Application	debian	postgresql-common	78	Yes
Application	debian	postgresql-common	79	Yes
Application	debian	postgresql-common	80	Yes
Application	debian	postgresql-common	81	Yes
Application	debian	postgresql-common	82	Yes
Application	debian	postgresql-common	83	Yes
Application	debian	postgresql-common	84	Yes
Application	debian	postgresql-common	85	Yes
Application	debian	postgresql-common	86	Yes
Application	debian	postgresql-common	87	Yes
Application	debian	postgresql-common	88	Yes
Application	debian	postgresql-common	89	Yes
Application	debian	postgresql-common	90	Yes
Application	debian	postgresql-common	91	Yes
Application	debian	postgresql-common	92	Yes
Application	debian	postgresql-common	93	Yes
Application	debian	postgresql-common	94	Yes
Application	debian	postgresql-common	95	Yes
Application	debian	postgresql-common	96	Yes
Application	debian	postgresql-common	97	Yes
Application	debian	postgresql-common	98	Yes
Application	debian	postgresql-common	99	Yes
Application	debian	postgresql-common	100	Yes
Application	debian	postgresql-common	101	Yes
Application	debian	postgresql-common	102	Yes
Application	debian	postgresql-common	103	Yes
Application	debian	postgresql-common	104	Yes
Application	debian	postgresql-common	105	Yes
Application	debian	postgresql-common	106	Yes
Application	debian	postgresql-common	107	Yes
Application	debian	postgresql-common	108	Yes
Application	debian	postgresql-common	109	Yes
Application	debian	postgresql-common	110	Yes
Application	debian	postgresql-common	111	Yes
Application	debian	postgresql-common	112	Yes
Application	debian	postgresql-common	113	Yes
Application	debian	postgresql-common	114	Yes
Application	debian	postgresql-common	115	Yes
Application	debian	postgresql-common	116	Yes
Application	debian	postgresql-common	117	Yes
Application	debian	postgresql-common	118	Yes
Application	debian	postgresql-common	119	Yes
Application	debian	postgresql-common	120	Yes
Application	debian	postgresql-common	121	Yes
Application	debian	postgresql-common	122	Yes
Application	debian	postgresql-common	123	Yes
Application	debian	postgresql-common	124	Yes
Application	debian	postgresql-common	125	Yes
Application	debian	postgresql-common	126	Yes
Application	debian	postgresql-common	127	Yes
Application	debian	postgresql-common	128	Yes
Application	debian	postgresql-common	129	Yes
Application	debian	postgresql-common	130	Yes
Application	debian	postgresql-common	131	Yes
Application	debian	postgresql-common	132	Yes
Application	debian	postgresql-common	133	Yes
Operating System	debian	debian_linux	7.0	No
Application	debian	postgresql-common	1	Yes
Application	debian	postgresql-common	2	Yes
Application	debian	postgresql-common	3	Yes
Application	debian	postgresql-common	4	Yes
Application	debian	postgresql-common	5	Yes
Application	debian	postgresql-common	6	Yes
Application	debian	postgresql-common	7	Yes
Application	debian	postgresql-common	8	Yes
Application	debian	postgresql-common	9	Yes
Application	debian	postgresql-common	10	Yes
Application	debian	postgresql-common	11	Yes
Application	debian	postgresql-common	12	Yes
Application	debian	postgresql-common	13	Yes
Application	debian	postgresql-common	14	Yes
Application	debian	postgresql-common	15	Yes
Application	debian	postgresql-common	16	Yes
Application	debian	postgresql-common	17	Yes
Application	debian	postgresql-common	18	Yes
Application	debian	postgresql-common	19	Yes
Application	debian	postgresql-common	20	Yes
Application	debian	postgresql-common	21	Yes
Application	debian	postgresql-common	22	Yes
Application	debian	postgresql-common	23	Yes
Application	debian	postgresql-common	24	Yes
Application	debian	postgresql-common	25	Yes
Application	debian	postgresql-common	26	Yes
Application	debian	postgresql-common	27	Yes
Application	debian	postgresql-common	28	Yes
Application	debian	postgresql-common	29	Yes
Application	debian	postgresql-common	30	Yes
Application	debian	postgresql-common	31	Yes
Application	debian	postgresql-common	32	Yes
Application	debian	postgresql-common	33	Yes
Application	debian	postgresql-common	34	Yes
Application	debian	postgresql-common	35	Yes
Application	debian	postgresql-common	36	Yes
Application	debian	postgresql-common	37	Yes
Application	debian	postgresql-common	38	Yes
Application	debian	postgresql-common	39	Yes
Application	debian	postgresql-common	40	Yes
Application	debian	postgresql-common	41	Yes
Application	debian	postgresql-common	42	Yes
Application	debian	postgresql-common	43	Yes
Application	debian	postgresql-common	44	Yes
Application	debian	postgresql-common	45	Yes
Application	debian	postgresql-common	46	Yes
Application	debian	postgresql-common	47	Yes
Application	debian	postgresql-common	48	Yes
Application	debian	postgresql-common	49	Yes
Application	debian	postgresql-common	50	Yes
Application	debian	postgresql-common	51	Yes
Application	debian	postgresql-common	52	Yes
Application	debian	postgresql-common	53	Yes
Application	debian	postgresql-common	54	Yes
Application	debian	postgresql-common	55	Yes
Application	debian	postgresql-common	56	Yes
Application	debian	postgresql-common	57	Yes
Application	debian	postgresql-common	58	Yes
Application	debian	postgresql-common	59	Yes
Application	debian	postgresql-common	60	Yes
Application	debian	postgresql-common	61	Yes
Application	debian	postgresql-common	62	Yes
Application	debian	postgresql-common	63	Yes
Application	debian	postgresql-common	64	Yes
Application	debian	postgresql-common	65	Yes
Application	debian	postgresql-common	66	Yes
Application	debian	postgresql-common	67	Yes
Application	debian	postgresql-common	68	Yes
Application	debian	postgresql-common	69	Yes
Application	debian	postgresql-common	70	Yes
Application	debian	postgresql-common	71	Yes
Application	debian	postgresql-common	72	Yes
Application	debian	postgresql-common	73	Yes
Application	debian	postgresql-common	74	Yes
Application	debian	postgresql-common	75	Yes
Application	debian	postgresql-common	76	Yes
Application	debian	postgresql-common	77	Yes
Application	debian	postgresql-common	78	Yes
Application	debian	postgresql-common	79	Yes
Application	debian	postgresql-common	80	Yes
Application	debian	postgresql-common	81	Yes
Application	debian	postgresql-common	82	Yes
Application	debian	postgresql-common	83	Yes
Application	debian	postgresql-common	84	Yes
Application	debian	postgresql-common	85	Yes
Application	debian	postgresql-common	86	Yes
Application	debian	postgresql-common	87	Yes
Application	debian	postgresql-common	88	Yes
Application	debian	postgresql-common	89	Yes
Application	debian	postgresql-common	90	Yes
Application	debian	postgresql-common	91	Yes
Application	debian	postgresql-common	92	Yes
Application	debian	postgresql-common	93	Yes
Application	debian	postgresql-common	94	Yes
Application	debian	postgresql-common	95	Yes
Application	debian	postgresql-common	96	Yes
Application	debian	postgresql-common	97	Yes
Application	debian	postgresql-common	98	Yes
Application	debian	postgresql-common	99	Yes
Application	debian	postgresql-common	100	Yes
Application	debian	postgresql-common	101	Yes
Application	debian	postgresql-common	102	Yes
Application	debian	postgresql-common	103	Yes
Application	debian	postgresql-common	104	Yes
Application	debian	postgresql-common	105	Yes
Application	debian	postgresql-common	106	Yes
Application	debian	postgresql-common	107	Yes
Application	debian	postgresql-common	108	Yes
Application	debian	postgresql-common	109	Yes
Application	debian	postgresql-common	110	Yes
Application	debian	postgresql-common	111	Yes
Application	debian	postgresql-common	112	Yes
Application	debian	postgresql-common	113	Yes
Application	debian	postgresql-common	114	Yes
Application	debian	postgresql-common	115	Yes
Application	debian	postgresql-common	116	Yes
Application	debian	postgresql-common	117	Yes
Application	debian	postgresql-common	118	Yes
Application	debian	postgresql-common	119	Yes
Application	debian	postgresql-common	120	Yes
Application	debian	postgresql-common	121	Yes
Application	debian	postgresql-common	122	Yes
Application	debian	postgresql-common	123	Yes
Application	debian	postgresql-common	124	Yes
Application	debian	postgresql-common	125	Yes
Application	debian	postgresql-common	126	Yes
Application	debian	postgresql-common	127	Yes
Application	debian	postgresql-common	128	Yes
Application	debian	postgresql-common	129	Yes
Application	debian	postgresql-common	130	Yes
Application	debian	postgresql-common	131	Yes
Application	debian	postgresql-common	132	Yes
Application	debian	postgresql-common	133	Yes
Application	debian	postgresql-common	134	Yes
Application	debian	postgresql-common	135	Yes
Application	debian	postgresql-common	136	Yes
Application	debian	postgresql-common	137	Yes
Application	debian	postgresql-common	138	Yes
Application	debian	postgresql-common	139	Yes
Application	debian	postgresql-common	140	Yes
Application	debian	postgresql-common	141	Yes
Application	debian	postgresql-common	142	Yes
Application	debian	postgresql-common	143	Yes
Application	debian	postgresql-common	144	Yes
Application	debian	postgresql-common	145	Yes
Application	debian	postgresql-common	146	Yes
Application	debian	postgresql-common	147	Yes
Application	debian	postgresql-common	148	Yes
Application	debian	postgresql-common	149	Yes
Application	debian	postgresql-common	150	Yes
Application	debian	postgresql-common	151	Yes
Application	debian	postgresql-common	152	Yes
Application	debian	postgresql-common	153	Yes
Application	debian	postgresql-common	154	Yes
Application	debian	postgresql-common	155	Yes
Application	debian	postgresql-common	156	Yes
Application	debian	postgresql-common	157	Yes
Application	debian	postgresql-common	158	Yes
Application	debian	postgresql-common	159	Yes
Application	debian	postgresql-common	160	Yes
Application	debian	postgresql-common	161	Yes
Application	debian	postgresql-common	162	Yes
Application	debian	postgresql-common	163	Yes
Application	debian	postgresql-common	164	Yes
Operating System	debian	debian_linux	8.0	No
Application	debian	postgresql-common	122	Yes
Application	debian	postgresql-common	122ubuntu1	Yes
Application	debian	postgresql-common	124	Yes
Application	debian	postgresql-common	125	Yes
Application	debian	postgresql-common	126	Yes
Application	debian	postgresql-common	127	Yes
Application	debian	postgresql-common	128	Yes
Application	debian	postgresql-common	129	Yes
Application	debian	postgresql-common	129ubuntu1	Yes
Operating System	canonical	ubuntu_linux	12.04	No
Application	debian	postgresql-common	148	Yes
Application	debian	postgresql-common	149	Yes
Application	debian	postgresql-common	150	Yes
Application	debian	postgresql-common	151	Yes
Application	debian	postgresql-common	152	Yes
Application	debian	postgresql-common	153	Yes
Application	debian	postgresql-common	153bzr1	Yes
Application	debian	postgresql-common	154	Yes
Application	debian	postgresql-common	154ubuntu1	Yes
Operating System	canonical	ubuntu_linux	14.04	No
Application	debian	postgresql-common	169git1	Yes
Application	debian	postgresql-common	170	Yes
Application	debian	postgresql-common	171	Yes
Application	debian	postgresql-common	172	Yes
Application	debian	postgresql-common	172ubuntu1	Yes
Application	debian	postgresql-common	173	Yes
Operating System	canonical	ubuntu_linux	16.04	No
Application	debian	postgresql-common	176\+git1	Yes
Application	debian	postgresql-common	177git1	Yes
Application	debian	postgresql-common	177ubuntu1	Yes
Application	debian	postgresql-common	178	Yes
Application	debian	postgresql-common	179	Yes
Operating System	canonical	ubuntu_linux	17.04	No
Application	debian	postgresql-common	179	Yes
Application	debian	postgresql-common	181	Yes
Application	debian	postgresql-common	181ubuntu1	Yes
Application	debian	postgresql-common	183	Yes
Application	debian	postgresql-common	184	Yes
Application	debian	postgresql-common	184ubuntu1	Yes
Operating System	canonical	ubuntu_linux	17.10	No

References

http://www.ubuntu.com/usn/USN-3476-1 Issue Tracking, Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3476-2 Issue Tracking, Third Party Advisory ([email protected])
https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee Issue Tracking, Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html Issue Tracking, Vendor Advisory ([email protected])
http://www.ubuntu.com/usn/USN-3476-1 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3476-2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2017/01/msg00002.html Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For debian's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.