Privilege escalation in postgresql (Alpine package)

1) Privilege escalation

EUVDB-ID: #VU10810

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1058

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the pg_dump function due to improper security restrictions. A local attacker can submit a malicious function in separate namespaces and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

postgresql (Alpine package): 9.4.11-r0 - 9.5.11-r0

External links

http://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
http://git.alpinelinux.org/aports/commit/?id=c2110f5a7667d71596172fb142d3a573bb958c83
http://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
http://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
http://git.alpinelinux.org/aports/commit/?id=a45f08a77099d6808f80e50d6dbc853fcd710cdb
http://git.alpinelinux.org/aports/commit/?id=624b75626de3a26e8b8af8fb50e6923d00562d04
http://git.alpinelinux.org/aports/commit/?id=311beaa3b05e1d5dfd1a3eedff4315f03ec9cc3e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.