Multiple vulnerabilities in PostgreSQL



Published: 2017-11-10
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2017-15099
CVE-2017-15098
CVE-2017-12172
CWE-ID CWE-264
CWE-19
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
PostgreSQL
Server applications / Database software

Vendor PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU9167

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-15099

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on a targeted system.

The weakness exists due to improper security restrictions in the case of an arbiter specified by constraint name. A remote attacker can submit specially crafted INSERT requests and bypass security controls on the update path of 'INSERT ... ON CONFLICT DO UPDATE' function to conduct further attacks.

Mitigation

Update to version 9.6.6.

Vulnerable software versions

PostgreSQL: 9.6.0 - 9.6.5, 9.5.0 - 9.5.8, 9.4.0 - 9.4.13


CPE2.3 External links

http://www.postgresql.org/docs/current/static/release-9-6-6.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Data handling

EUVDB-ID: #VU9168

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-15098

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition or obtain potentially sensitive information on a targeted system.

The weakness exists due to improper data handling. A remote attacker can send specially crafted data to trigger a rowtype mismatch in json{b}_populate_recordset(), cause the application to crash or read arbitrary data.

Mitigation

Update to version 9.6.6.

Vulnerable software versions

PostgreSQL: 9.6.0 - 9.6.5, 9.5.0 - 9.5.8, 9.4.0 - 9.4.13


CPE2.3 External links

http://www.postgresql.org/docs/current/static/release-9-6-6.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Improper access control

EUVDB-ID: #VU9169

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12172

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition or obtain potentially sensitive information on a targeted system.

The weakness exists due to a flaw in certain non-default startup scripts. A local attacker with the privileges of the database server can create a symbolic link from the $PGLOG file to a critical file and modify the target file.

Mitigation

Update to version 9.6.6.

Vulnerable software versions

PostgreSQL: 9.6.0 - 9.6.5, 9.5.0 - 9.5.8, 9.4.0 - 9.4.13


CPE2.3 External links

http://www.postgresql.org/docs/current/static/release-9-6-6.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###