Executive Summary

Summary
Title postgresql and postgresql84 security update
Informations
Name RHSA-2010:0742 First vendor Publication 2010-10-06
Vendor RedHat Last vendor Modification 2010-10-06
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated postgresql and postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will be executed with the privileges of the user that created it.

It was discovered that a user could utilize the features of the PL/Perl and PL/Tcl languages to modify the behavior of a SECURITY DEFINER function created by a different user. If the PL/Perl or PL/Tcl language was used to implement a SECURITY DEFINER function, an authenticated database user could use a PL/Perl or PL/Tcl script to modify the behavior of that function during subsequent calls in the same session. This would result in the modified or injected code also being executed with the privileges of the user who created the SECURITY DEFINER function, possibly leading to privilege escalation. (CVE-2010-3433)

For Red Hat Enterprise Linux 4, the updated postgresql packages upgrade PostgreSQL to version 7.4.30. Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html

For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.22, and the updated postgresql84 packages upgrade PostgreSQL to version 8.4.5. Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.1/static/release.html http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

639371 - CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0742.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12311
 
Oval ID: oval:org.mitre.oval:def:12311
Title: DSA-2120-1 postgresql-8.3 -- privilege escalation
Description: Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-2120-1
CVE-2010-3433
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12988
 
Oval ID: oval:org.mitre.oval:def:12988
Title: USN-1002-2 -- postgresql-8.4 vulnerability
Description: USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-2
CVE-2010-3433
 Version: 5
Platform(s): Ubuntu 10.10
 Product(s): postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13340
 
Oval ID: oval:org.mitre.oval:def:13340
Title: USN-1002-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-1
CVE-2010-3433
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
 Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21895
 
Oval ID: oval:org.mitre.oval:def:21895
Title: RHSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0908-01
CVE-2010-3433
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
 Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22220
 
Oval ID: oval:org.mitre.oval:def:22220
Title: RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0742-01
CESA-2010:0742
CVE-2010-3433
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22819
 
Oval ID: oval:org.mitre.oval:def:22819
Title: ELSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0742-01
CVE-2010-3433
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23035
 
Oval ID: oval:org.mitre.oval:def:23035
Title: ELSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0908-01
CVE-2010-3433
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7291
 
Oval ID: oval:org.mitre.oval:def:7291
Title: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3433
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): PostgreSQL
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 114

OpenVAS Exploits

Date Description
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos5_i386.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2010-12-02 Name : Fedora Update for postgresql FEDORA-2010-15852
File : nvt/gb_fedora_2010_15852_postgresql_fc14.nasl
2010-12-02 Name : Fedora Update for sepostgresql FEDORA-2010-15870
File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl
2010-11-23 Name : Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2
File : nvt/gb_ubuntu_USN_1002_2.nasl
2010-11-17 Name : Debian Security Advisory DSA 2120-1 (postgresql-8.3)
File : nvt/deb_2120_1.nasl
2010-11-04 Name : Fedora Update for sepostgresql FEDORA-2010-16004
File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15954
File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15960
File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl
2010-10-19 Name : CentOS Update for postgresql CESA-2010:0742 centos4 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos4_i386.nasl
2010-10-19 Name : RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01
File : nvt/gb_RHSA-2010_0742-01_postgresql_and_postgresql84.nasl
2010-10-19 Name : Mandriva Update for postgresql MDVSA-2010:197 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_197.nasl
2010-10-19 Name : Ubuntu Update for PostgreSQL vulnerability USN-1002-1
File : nvt/gb_ubuntu_USN_1002_1.nasl
2010-10-06 Name : PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
File : nvt/gb_postgresql_43747.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68436 PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut...

PostgreSQL contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the PL/perl and PL/Tcl implementations fail to properly prevent different SQL users from executing scripts in the same session, allowing a remote authenticated attacker to use crafted script code in a SECURITY DEFINER function to gain elevated privileges, allowing the execution of SQL code with the privileges of the initial user.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a privilege escalation vulnerability.
File : postgresql_20101005.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101123_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101006_postgresql_and_postgresql84_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0908.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-101012.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15960.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7186.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15954.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15852.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2120.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-1.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-2.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-197.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:53:53
  • Multiple Updates