SB20170112138 - Gentoo update for PostgreSQL

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20170112138

SB20170112138 - Gentoo update for PostgreSQL

Published: January 12, 2017 Updated: January 12, 2017

Security Bulletin ID SB20170112138
Severity
Critical
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 17% High 17% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2015-5288)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.


2) Stack-based buffer overflow (CVE-ID: CVE-2015-5289)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-0766)

The vulnerability allows a remote authenticated user to execute arbitrary code.

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.


4) Buffer overflow (CVE-ID: CVE-2016-0773)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.


5) Arbitrary code execution (CVE-ID: CVE-2016-5423)

The vulnerability allows a remote attacker to execute arbitrary code,

The vulnerability exists in PostgreSQL. A remote authenticated attacker can cause the target server to crash, disclose portions of server memory, or potentially execute arbitrary code by submiting specially crafted SQL statements containing CASE/WHEN commands.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Disclosure of user information (CVE-ID: CVE-2016-5424)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in PostgreSQL. A remote authenticated attacker with CREATEDB or CREATEROLE roles can gain elevated privileges on the target system by creating a specially crafted object name containing newlines, carriage returns, double quotes, or backslashes.

Successful exploitation of this vulnerability may result in disclosure of user information.


Remediation

Install update from vendor's website.

References