{
  "threat_severity" : "Moderate",
  "public_date" : "2016-08-11T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: privilege escalation via crafted database and role names",
    "id" : "1364002",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1364002"
  },
  "cvss" : {
    "cvss_base_score" : "6.0",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \" (double quote), (2) \\ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.", "A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program." ],
  "acknowledgement" : "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Nathan Bossart as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2606",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "postgresql-0:9.2.18-1.el7"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "rh-postgresql95-0:2.2-3.el6"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "rh-postgresql95-postgresql-0:9.5.7-2.el6"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-backend-0:2.3.3-53.el6sat"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-postgresql-server-0:9.5-1.el6sat"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-setup-postgresql-0:2.3.0-27.el6sat"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-utils-0:2.3.2-32.el6sat"
  }, {
    "product_name" : "Red Hat Satellite 5.7",
    "release_date" : "2017-08-07T00:00:00Z",
    "advisory" : "RHSA-2017:2425",
    "cpe" : "cpe:/a:redhat:network_satellite:5.7::el6",
    "package" : "spacewalk-web-0:2.3.2-35.el6sat"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el6",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
    "release_date" : "2016-08-31T00:00:00Z",
    "advisory" : "RHSA-2016:1781",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql94-postgresql-0:9.4.9-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1820",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "postgresql92-postgresql-0:9.2.18-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS",
    "release_date" : "2016-09-07T00:00:00Z",
    "advisory" : "RHSA-2016:1821",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:2::el7",
    "package" : "rh-postgresql95-postgresql-0:9.5.4-1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Affected",
    "package_name" : "postgresql92-postgresql",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql84",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-5424\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5424" ],
  "name" : "CVE-2016-5424",
  "csaw" : false
}