Red Hat update for PostgreSQL



Published: 2018-08-28
Risk Low
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2017-15098
CVE-2017-15099
CVE-2018-1053
CVE-2018-1058
CVE-2018-1115
CVE-2018-10915
CVE-2018-10925
CWE-ID CWE-19
CWE-264
CWE-200
CWE-427
CWE-284
CWE-89
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Data handling

EUVDB-ID: #VU9168

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-15098

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition or obtain potentially sensitive information on a targeted system.

The weakness exists due to improper data handling. A remote attacker can send specially crafted data to trigger a rowtype mismatch in json{b}_populate_recordset(), cause the application to crash or read arbitrary data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Security restrictions bypass

EUVDB-ID: #VU9167

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-15099

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on a targeted system.

The weakness exists due to improper security restrictions in the case of an arbiter specified by constraint name. A remote attacker can submit specially crafted INSERT requests and bypass security controls on the update path of 'INSERT ... ON CONFLICT DO UPDATE' function to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Information disclosure

EUVDB-ID: #VU10439

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-1053

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

A vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to insufficient security restrictions. A remote attacker can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Privilege escalation

EUVDB-ID: #VU10810

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-1058

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the pg_dump function due to improper security restrictions. A local attacker can submit a malicious function in separate namespaces and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Security restrictions bypass

EUVDB-ID: #VU12652

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-1115

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists in the pg_catalog.pg_logfile_rotate() function due to improper Access Control List (ACL) restrictions as it does not follow the same ACLs as the pg_rorate_logfile function. A remote attacker can connect to the database and cause the target software to force log rotation, write log messages across arbitrary log files or cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) SQL injection

EUVDB-ID: #VU14326

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10915

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Information disclosure

EUVDB-ID: #VU14327

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10925

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote privileged attacker to obtain potentially sensitive information.

The vulnerability exists due to improper check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". A remote attacker with "CREATE TABLE" privileges can read arbitrary bytes server memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.5


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:2566

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###