SB2020102809 - Amazon Linux AMI update for postgresql96

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020102809

SB2020102809 - Amazon Linux AMI update for postgresql96

Published: October 28, 2020

Security Bulletin ID SB2020102809
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10130)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of row security policies. A remote attacker can use statistics, generated for tables to bypass row security policies and gain access to restricted rows.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10208)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.


3) Untrusted search path (CVE-ID: CVE-2020-14350)

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.


4) Improper Authorization (CVE-ID: CVE-2020-1720)

The vulnerability allows a remote attacker to perform unauthorized modification of data in database.

The vulnerability exists due to the ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.


Remediation

Install update from vendor's website.

References