Multiple vulnerabilities in PostgreSQL

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU111776

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2009-3230

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to read and manipulate data.

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 7.4 - 8.4.0

CPE2.3

• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:*:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.6:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.7:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.8:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:7.4.9:*:*:*:*:*:*:*

External links

https://archives.postgresql.org/pgsql-www/2009-09/msg00024.php
https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://secunia.com/advisories/36660
https://secunia.com/advisories/36695
https://secunia.com/advisories/36727
https://secunia.com/advisories/36800
https://secunia.com/advisories/36837
https://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
https://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
https://www.postgresql.org/docs/8.3/static/release-8-3-8.html
https://www.postgresql.org/support/security.html
https://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.securityfocus.com/bid/36314
https://www.ubuntu.com/usn/usn-834-1
https://www.us.debian.org/security/2009/dsa-1900
https://www.vupen.com/english/advisories/2009/2602
https://bugzilla.redhat.com/show_bug.cgi?id=522085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU111777

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2009-3229

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform service disruption.

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 8.2 - 8.4.0

CPE2.3

• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.6:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:postgresql_global_development_group:postgresql:8.2.8:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
https://marc.info/?l=bugtraq&m=134124585221119&w=2
https://secunia.com/advisories/36660
https://secunia.com/advisories/36727
https://secunia.com/advisories/36800
https://secunia.com/advisories/36837
https://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
https://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
https://www.postgresql.org/docs/8.3/static/release-8-3-8.html
https://www.postgresql.org/support/security.html
https://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.securityfocus.com/bid/36314
https://www.ubuntu.com/usn/usn-834-1
https://www.us.debian.org/security/2009/dsa-1900
https://bugzilla.redhat.com/show_bug.cgi?id=522092
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.