SB2017080713 - Red Hat update for rh-postgresql95-postgresql
Published: August 7, 2017
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Arbitrary code execution (CVE-ID: CVE-2016-5423)
The vulnerability allows a remote attacker to execute arbitrary code. The vulnerability exists in PostgreSQL. A remote authenticated attacker can cause the target server to crash, disclose portions of server memory, or potentially execute arbitrary code by submitting specially crafted SQL statements containing CASE/WHEN commands.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Disclosure of user information (CVE-ID: CVE-2016-5424)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The vulnerability exists in PostgreSQL. A remote authenticated attacker with CREATEDB or CREATEROLE roles can gain elevated privileges on the target system by creating a specially crafted object name containing newlines, carriage returns, double quotes, or backslashes.
Successful exploitation of this vulnerability may result in disclosure of user information.
3) Information disclosure (CVE-ID: CVE-2017-7484)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper privilege checking before providing information from pg_statistic. A remote attacker can send a specially crafted request to bypass SELECT privilege checks, cause a memory leak and steal some information from ostensibly restricted tables.
Successful exploitation of the vulnerability results in information disclosure.
4) Man-in-the-middle attack (CVE-ID: CVE-2017-7485)
The vulnerability allows a remote attacker to conduct a man-in-the-middle attack. The weakness exists in the PGREQUIRESSL environment variable due to no enforcement of an SSL/TLS connection to a PostgreSQL server. A remote attacker can launch a man-in-the-middle attack to strip the SSL/TLS protection from a connection between a client and a server and modify the communicated data.
Successful exploitation of the vulnerability results in unauthorized access to sensitive information.
5) Information disclosure (CVE-ID: CVE-2017-7486)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper implementation of pg_user_mappings access qualifications. A remote attacker with USAGE privilege on the associated foreign server can send a specially crafted request to trigger a memory leak in the pg_user_mappings view and disclose foreign server passwords.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install the update from the vendor's website.
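For item 4 (CVE-2017-7485), a client-side audit can flag configurations whose only request for TLS is PGREQUIRESSL. The following is an added example, not code from this bulletin, Red Hat or PostgreSQL; the function names and sample hosts are hypothetical, and it assumes libpq's documented `sslmode` / `PGSSLMODE` settings, where `require`, `verify-ca` and `verify-full` refuse a plaintext connection.

```python
import re
from urllib.parse import urlsplit, parse_qs

# sslmode values under which libpq refuses to fall back to plaintext.
ENFORCING = {"require", "verify-ca", "verify-full"}

# keyword = value pairs; a value is single-quoted or a run of non-spaces.
_PAIR = re.compile(r"(\w+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|(\S*))")


def parse_conninfo(conninfo):
    """Return the parameters of a libpq URI or keyword=value string."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlsplit(conninfo).query)
        return {key: values[-1] for key, values in query.items()}
    params = {}
    for match in _PAIR.finditer(conninfo):
        raw = match.group(2) if match.group(2) is not None else match.group(3)
        params[match.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # undo \' and \\
    return params


def tls_enforcement(conninfo, env):
    """Classify how a client configuration asks for TLS."""
    params = parse_conninfo(conninfo)
    # A connection parameter takes precedence over the environment variable.
    mode = params.get("sslmode") or env.get("PGSSLMODE")
    if mode:
        return "enforced" if mode in ENFORCING else "not-enforced"
    if env.get("PGREQUIRESSL") == "1":
        # Only PGREQUIRESSL asks for TLS: the setting item 4 says is not enforced.
        return "relies-on-pgrequiressl"
    return "not-enforced"


if __name__ == "__main__":
    # Constructed sample configurations (hosts and names are placeholders).
    samples = [
        ("host=db.example.internal dbname=app", {"PGREQUIRESSL": "1"}),
        ("host=db.example.internal sslmode='verify-full'", {"PGREQUIRESSL": "1"}),
        ("postgresql://app@db.example.internal/app?sslmode=prefer", {}),
    ]
    for conninfo, env in samples:
        print(tls_enforcement(conninfo, env), "<-", conninfo, env)
```

Configurations reported as `relies-on-pgrequiressl` should be given an explicit `sslmode` in addition to installing the update.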