Multiple vulnerabilities in PostgreSQL



Published: 2019-08-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2019-10208, CVE-2019-10209, CVE-2019-10210, CVE-2019-10211
CWE-ID: CWE-264, CWE-200, CWE-256, CWE-426
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PostgreSQL (Server applications / Database software)
Vendor: PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU20003

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10208

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the way PostgreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission on such a function, which must itself contain a function call having an inexact argument type match, can execute arbitrary SQL queries under the identity of the function owner.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 11.0 - 11.4, 10.0 - 10.9, 9.6.0 - 9.6.14, 9.5.0 - 9.5.18, 9.4.0 - 9.4.23
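
A defender's inventory query for the precondition described above, added here as an example (it is not part of the bulletin or of PostgreSQL's own tooling): it lists SECURITY DEFINER functions outside the system schemas that non-superuser roles other than the owner can EXECUTE. It assumes a session that can read the standard catalogs `pg_proc`, `pg_namespace` and `pg_roles`, and must be run once per database.

```sql
-- Added audit example, not from the bulletin.
-- Step 1: confirm the server version against the vulnerable ranges listed above.
SELECT version();

-- Step 2: enumerate SECURITY DEFINER functions and who, besides the owner,
-- is allowed to call them. Each row is a function whose body runs with the
-- owner's privileges when invoked by the listed roles.
SELECT n.nspname                                   AS schema_name,
       p.proname                                   AS function_name,
       pg_get_function_identity_arguments(p.oid)   AS arguments,
       o.rolname                                   AS runs_as,
       o.rolsuper                                  AS runs_as_superuser,
       -- explicit cast so the aggregate call has an exact argument type match
       string_agg(r.rolname::text, ', ' ORDER BY r.rolname::text)
                                                   AS non_owner_executors
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles o     ON o.oid = p.proowner
JOIN pg_roles r     ON r.oid <> p.proowner
                   AND NOT r.rolsuper
                   -- honours grants to PUBLIC and grants inherited via role membership
                   AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
WHERE p.prosecdef                                   -- SECURITY DEFINER only
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
GROUP BY n.nspname, p.proname, p.oid, o.rolname, o.rolsuper
-- functions that run as a superuser first: highest impact if abused
ORDER BY o.rolsuper DESC, n.nspname, p.proname;
```

An empty result means no user-defined SECURITY DEFINER function in that database is callable by a non-owner, non-superuser role; any rows returned are the functions to prioritise when scheduling the update.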


External links

http://www.postgresql.org/about/news/1960/


2) Information disclosure

EUVDB-ID: #VU20004

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10209

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way PostgreSQL processes user-defined hash equality operators. A remote attacker can, under certain circumstances, read arbitrary bytes from server memory.

Note that exploitation of this vulnerability requires a superuser to create unusual operators.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 11.0 - 11.4


External links

http://www.postgresql.org/about/news/1960/


3) Unprotected storage of credentials

EUVDB-ID: #VU20005

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10210

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local user to access credentials in plain text.

The vulnerability exists because the EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and then deletes the file. During the seconds while the file exists, a local user can read the PostgreSQL superuser password from it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 11.0 - 11.4, 10.0 - 10.9, 9.6.0 - 9.6.14, 9.5 - 9.5.18, 9.4 - 9.4.23


External links

http://www.postgresql.org/about/news/1960/


4) Untrusted search path

EUVDB-ID: #VU20006

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10211

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the EnterpriseDB Windows installer bundles an OpenSSL library that tries to load configuration from a hard-coded location on the system. This location usually does not exist, so an attacker can create the folder, place a malicious configuration file in it, and have that configuration loaded and executed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 11.0 - 11.4, 10.0 - 10.9, 9.6.0 - 9.6.14, 9.5 - 9.5.18, 9.4 - 9.4.23


External links

http://www.postgresql.org/about/news/1960/



