#VU12652 Security restrictions bypass in PostgreSQL


Published: 2018-05-15 | Updated: 2018-05-15

Vulnerability identifier: #VU12652

Vulnerability risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1115

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software

Vendor: PostgreSQL Global Development Group

Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The weakness exists in the pg_catalog.pg_logfile_rotate() function due to improper Access Control List (ACL) restrictions as it does not follow the same ACLs as the pg_rorate_logfile function. A remote attacker can connect to the database and cause the target software to force log rotation, write log messages across arbitrary log files or cause the service to crash.

Mitigation
Update to version 10.4 or 9.6.9.

Vulnerable software versions

PostgreSQL: 10.0 - 10.3, 9.6.0 - 9.6.8

External links
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=7b34740

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


OpenSUSE Linux update for postgresql96, postgresql10 and postgresql12
Amazon Linux AMI update for postgresql96
Gentoo update for PostgreSQL
OpenSUSE Linux update for postgresql10
Red Hat update for PostgreSQL
Red Hat update for PostgreSQL
openSUSE update for postgresql95
OpenSUSE Linux update for postgresql96
Security restrictions bypass in PostgreSQL
Security restrictions bypass in postgresql (Alpine package)