Errata ALT-PU-2019-1785-1: Information
Fixes
Published: May 9, 2019
BDU:2019-02122
Уязвимость инсталлятора BigSQL системы управления базами данных PostgreSQL, позволяющая нарушителю прочитать произвольные области памяти серверного процесса
Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 30, 2019
BDU:2019-04641
Уязвимость системы управления базами данных PostgreSQL, связанная с некорректным контролем доступа, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: July 30, 2019
Modified: Feb. 3, 2023
Modified: Feb. 3, 2023
CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: July 30, 2019
Modified: Sept. 30, 2020
Modified: Sept. 30, 2020
CVE-2019-10130
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 2, 2019
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Severity: HIGH (7.2) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
- https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/
- https://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/
- https://security.netapp.com/advisory/ntap-20190502-0003/
- http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html
- http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html