SQL injection in postgresql (Alpine package)

1) SQL injection

EUVDB-ID: #VU15796

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16850

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of statements involving CREATE TRIGGER REFERENCING. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database when running the pg_upgrade utility on the database or during a pg_dump utility dump/restore cycle.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

postgresql (Alpine package): 10.2-r0 - 11.0-r1

postgresql (Alpine package):

External links

http://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
http://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
http://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
http://git.alpinelinux.org/aports/commit/?id=3c20033f75ab5c8b506ad5e4acb3438626aff953
http://git.alpinelinux.org/aports/commit/?id=7cf139bac41c8f2e1885d5f99334daeaeb059ac3
http://git.alpinelinux.org/aports/commit/?id=aea07a63d90d0cde39022c14973acfc56ff8d6f2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.