CVEs-PoC/2017/CVE-2017-14798.md

### [CVE-2017-14798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14798)
![](https://img.shields.io/static/v1?label=Product&message=postgresql-init&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-61&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=creation%20of%20directory%20could%20follow%20symlinks&color=brightgreen)

### Description

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

### POC

#### Reference
- https://bugzilla.suse.com/show_bug.cgi?id=1062722
- https://www.exploit-db.com/exploits/45184/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/pedr0alencar/vlab-metasploitable2