Security restrictions bypass in postgresql (Alpine package)

1) Security restrictions bypass

EUVDB-ID: #VU12652

Risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1115

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists in the pg_catalog.pg_logfile_rotate() function due to improper Access Control List (ACL) restrictions as it does not follow the same ACLs as the pg_rorate_logfile function. A remote attacker can connect to the database and cause the target software to force log rotation, write log messages across arbitrary log files or cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

postgresql (Alpine package): 9.5.12-r0

External links

http://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
http://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
http://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
http://git.alpinelinux.org/aports/commit/?id=142c9bf9b9b11c11bea7ddc0a791738c9e17bb38
http://git.alpinelinux.org/aports/commit/?id=2d38d79dfbb716fae92d25e4a7d70bbe1ff09a57
http://git.alpinelinux.org/aports/commit/?id=9413330e55d1431c18c7df8b66ad98cdc9d278c7
http://git.alpinelinux.org/aports/commit/?id=a1b0125ba4bfed27de55787fb462438f34f6d51f
http://git.alpinelinux.org/aports/commit/?id=03383fc4a15bcefe41c79e58cabf62f2bb52e006

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.