SB2020062508 - Path traversal and bundled PostgreSQL vulnerabilities in Zoho ManageEngine OpManager




Published: June 25, 2020

Security Bulletin ID: SB2020062508
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 25%, Low: 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Path traversal (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences using <cachestart>. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


2) Improper Authorization (CVE-ID: CVE-2020-1720)

The vulnerability allows a remote attacker to perform unauthorized modification of data in the database.

The vulnerability exists because the ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because pg_ctlcluster does not drop privileges before creating sockets and temporary directories outside "/var/run/postgresql". A local user can create arbitrary directories on the system during application startup or reload and elevate privileges on the system.


4) Untrusted search path (CVE-ID: CVE-2020-10733)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the Windows installer runs executables from uncontrolled directories. A local user can trick the victim into installing PostgreSQL from a directory that contains malicious files and execute arbitrary code on the system with elevated privileges.

Note: this vulnerability affects the Windows installer only.


Remediation

Install the update from the vendor's website.