#VU32769 Permissions, Privileges, and Access Controls in PostgreSQL - CVE-2012-3488

Cybersecurity Help s.r.o.

Published: 2012-10-04 | Updated: 2020-07-28

Vulnerability identifier: #VU32769

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-3488

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software

Vendor: PostgreSQL Global Development Group

Description

The vulnerability allows a remote #AU# to read and manipulate data.

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 8.3 - 8.3.19

External links
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
https://rhn.redhat.com/errata/RHSA-2012-1263.html
https://rhn.redhat.com/errata/RHSA-2012-1264.html
https://secunia.com/advisories/50635
https://secunia.com/advisories/50636
https://secunia.com/advisories/50718
https://secunia.com/advisories/50859
https://secunia.com/advisories/50946
https://www.debian.org/security/2012/dsa-2534
https://www.mandriva.com/security/advisories?name=MDVSA-2012:139
https://www.postgresql.org/about/news/1407/
https://www.postgresql.org/docs/8.3/static/release-8-3-20.html
https://www.postgresql.org/docs/8.4/static/release-8-4-13.html
https://www.postgresql.org/docs/9.0/static/release-9-0-9.html
https://www.postgresql.org/docs/9.1/static/release-9-1-5.html
https://www.postgresql.org/support/security/
https://www.securityfocus.com/bid/55072
https://www.ubuntu.com/usn/USN-1542-1
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
https://bugzilla.redhat.com/show_bug.cgi?id=849172

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Permissions, Privileges, and Access Controls in PostgreSQL

Gentoo update for PostgreSQL

Amazon Linux AMI update for postgresql8

Amazon Linux AMI update for postgresql9

Permissions, Privileges, and Access Controls in postgresql (Alpine package)