Multiple vulnerabilities in PostgreSQL



Published: 2019-08-08
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2019-10208
CVE-2019-10209
CVE-2019-10210
CVE-2019-10211
CWE-ID CWE-264
CWE-200
CWE-256
CWE-426
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		PostgreSQL
Server applications / Database software

Vendor PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU20003

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10208

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 9.4.0 - 11.4

External links

http://www.postgresql.org/about/news/1960/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU20004

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10209

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to way PostgreSQL processes user-defined hash equality operators. A remote attacker can under certain circumstances read arbitrary bytes from server memory.

Note, exploitation of this vulnerability requires a superuser to create unusual operators.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 11.0 - 11.4

External links

http://www.postgresql.org/about/news/1960/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Unprotected storage of credentials

EUVDB-ID: #VU20005

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10210

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local user to access credentials in plain text.
The vulnerability exists due to EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local user can read the PostgreSQL superuser password from the file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 9.4 - 11.4

External links

http://www.postgresql.org/about/news/1960/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted search path

EUVDB-ID: #VU20006

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10211

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to EnterpriseDB Windows installer bundles an OpenSSL library that tries to load configuration from a hard-coded location on the system. This location usually does not exists, therefore an attacker can create a folder, place malicious configuration file in it and execute the configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PostgreSQL: 9.4 - 11.4

External links

http://www.postgresql.org/about/news/1960/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###