Executive Summary
Summary | |
---|---|
Title | postgresql and postgresql84 security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0742 | First vendor Publication | 2010-10-06 |
Vendor | RedHat | Last vendor Modification | 2010-10-06 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated postgresql and postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will be executed with the privileges of the user that created it. It was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used to implement a SECURITY DEFINER function, an authenticated database user could use a PL/Perl or PL/Tcl script to modify the behavior of that function during subsequent calls in the same session. This would result in the modified or injected code also being executed with the privileges of the user who created the SECURITY DEFINER function, possibly leading to privilege escalation. (CVE-2010-3433) For Red Hat Enterprise Linux 4, the updated postgresql packages upgrade PostgreSQL to version 7.4.30. Refer to the PostgreSQL Release Notes for a list of changes: http://www.postgresql.org/docs/7.4/static/release.html For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.22, and the updated postgresql84 packages upgrade PostgreSQL to version 8.4.5. Refer to the PostgreSQL Release Notes for a list of changes: http://www.postgresql.org/docs/8.1/static/release.html http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 639371 - CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0742.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12311 | |||
Oval ID: | oval:org.mitre.oval:def:12311 | ||
Title: | DSA-2120-1 postgresql-8.3 -- privilege escalation | ||
Description: | Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2120-1 CVE-2010-3433 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | postgresql-8.3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12988 | |||
Oval ID: | oval:org.mitre.oval:def:12988 | ||
Title: | USN-1002-2 -- postgresql-8.4 vulnerability | ||
Description: | USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1002-2 CVE-2010-3433 | Version: | 5 |
Platform(s): | Ubuntu 10.10 | Product(s): | postgresql-8.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21895 | |||
Oval ID: | oval:org.mitre.oval:def:21895 | ||
Title: | RHSA-2010:0908: postgresql security update (Moderate) | ||
Description: | The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0908-01 CVE-2010-3433 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | postgresql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23035 | |||
Oval ID: | oval:org.mitre.oval:def:23035 | ||
Title: | ELSA-2010:0908: postgresql security update (Moderate) | ||
Description: | The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0908-01 CVE-2010-3433 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | postgresql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7291 | |||
Oval ID: | oval:org.mitre.oval:def:7291 | ||
Title: | Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0 | ||
Description: | The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3433 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | PostgreSQL |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2011-08-09 | Name : CentOS Update for postgresql84 CESA-2010:0742 centos5 i386 File : nvt/gb_CESA-2010_0742_postgresql84_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2010:0742 centos5 i386 File : nvt/gb_CESA-2010_0742_postgresql_centos5_i386.nasl |
2011-02-11 | Name : Fedora Update for postgresql FEDORA-2011-0963 File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl |
2010-12-02 | Name : Fedora Update for postgresql FEDORA-2010-15852 File : nvt/gb_fedora_2010_15852_postgresql_fc14.nasl |
2010-12-02 | Name : Fedora Update for sepostgresql FEDORA-2010-15870 File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl |
2010-11-23 | Name : Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2 File : nvt/gb_ubuntu_USN_1002_2.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2120-1 (postgresql-8.3) File : nvt/deb_2120_1.nasl |
2010-11-04 | Name : Fedora Update for sepostgresql FEDORA-2010-16004 File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl |
2010-10-22 | Name : Fedora Update for postgresql FEDORA-2010-15954 File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl |
2010-10-22 | Name : Fedora Update for postgresql FEDORA-2010-15960 File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl |
2010-10-19 | Name : CentOS Update for postgresql CESA-2010:0742 centos4 i386 File : nvt/gb_CESA-2010_0742_postgresql_centos4_i386.nasl |
2010-10-19 | Name : RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01 File : nvt/gb_RHSA-2010_0742-01_postgresql_and_postgresql84.nasl |
2010-10-19 | Name : Mandriva Update for postgresql MDVSA-2010:197 (postgresql) File : nvt/gb_mandriva_MDVSA_2010_197.nasl |
2010-10-19 | Name : Ubuntu Update for PostgreSQL vulnerability USN-1002-1 File : nvt/gb_ubuntu_USN_1002_1.nasl |
2010-10-06 | Name : PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability File : nvt/gb_postgresql_43747.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68436 | PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut... PostgreSQL contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the PL/perl and PL/Tcl implementations fail to properly prevent different SQL users from executing scripts in the same session, allowing a remote authenticated attacker to use crafted script code in a SECURITY DEFINER function to gain elevated privileges, allowing the execution of SQL code with the privileges of the initial user. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_postgresql-101019.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0742.nasl - Type : ACT_GATHER_INFO |
2012-12-28 | Name : The remote database server is affected by a privilege escalation vulnerability. File : postgresql_20101005.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101123_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101006_postgresql_and_postgresql84_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0908.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_postgresql-101019.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_postgresql-101012.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15960.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-7186.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15954.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15852.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2120.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1002-1.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1002-2.nasl - Type : ACT_GATHER_INFO |
2010-10-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO |
2010-10-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO |
2010-10-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-197.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:53 |
|