Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titlepostgresql and postgresql84 security update
Informations
NameRHSA-2012:0678First vendor Publication2012-05-21
VendorRedHatLast vendor Modification2012-05-21
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated postgresql84 and postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. (CVE-2012-0868)

When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name. (CVE-2012-0867)

CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing. (CVE-2012-0866)

These updated packages upgrade PostgreSQL to version 8.4.11, which fixes these issues as well as several data-corruption issues and lesser non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

797222 - CVE-2012-0866 postgresql: Absent permission checks on trigger function to be called when creating a trigger 797915 - CVE-2012-0867 postgresql: MITM due improper x509_v3 CN validation during certificate verification 797917 - CVE-2012-0868 postgresql: SQL injection due unsanitized newline characters in object names

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0678.html

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21471
 
Oval ID: oval:org.mitre.oval:def:21471
Title: RHSA-2012:0677: postgresql security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): RHSA-2012:0677-00
CESA-2012:0677
CVE-2012-0866
CVE-2012-0868
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21339
 
Oval ID: oval:org.mitre.oval:def:21339
Title: RHSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): RHSA-2012:0678-01
CESA-2012:0678
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 42
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): postgresql84
postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15167
 
Oval ID: oval:org.mitre.oval:def:15167
Title: USN-1378-1 -- PostgreSQL vulnerabilities
Description: postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.
Family: unix Class: patch
Reference(s): USN-1378-1
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): PostgreSQL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15024
 
Oval ID: oval:org.mitre.oval:def:15024
Title: DSA-2418-1 postgresql-8.4 -- several
Description: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked. This could result in privilege escalation. CVE-2012-0867 It was discovered that only the first 32 characters of a host name are checked when validating host names through SSL certificates. This could result in spoofing the connection in limited circumstances. CVE-2012-0868 It was discovered that pg_dump did not sanitise object names. This could result in arbitrary SQL command execution if a malformed dump file is opened.
Family: unix Class: patch
Reference(s): DSA-2418-1
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23770
 
Oval ID: oval:org.mitre.oval:def:23770
Title: ELSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0678-01
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 17
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): postgresql84
postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23418
 
Oval ID: oval:org.mitre.oval:def:23418
Title: ELSA-2012:0677: postgresql security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0677-00
CVE-2012-0866
CVE-2012-0868
Version: 13
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23252
 
Oval ID: oval:org.mitre.oval:def:23252
Title: DEPRECATED: ELSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0678-01
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 18
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): postgresql84
postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27850
 
Oval ID: oval:org.mitre.oval:def:27850
Title: ELSA-2012-0677 -- postgresql security update (moderate)
Description: [8.1.23-4] - Back-port upstream fixes for CVE-2012-0866 and CVE-2012-0868 Resolves: #812070 [8.1.23-3] - Back-port upstream fix for unregistering OpenSSL callbacks at close Resolves: #728828 [8.1.23-2] - Back-port upstream fix for CVE-2011-2483 Resolves: #740738
Family: unix Class: patch
Reference(s): ELSA-2012-0677
CVE-2012-0866
CVE-2012-0868
Version: 1
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27807
 
Oval ID: oval:org.mitre.oval:def:27807
Title: ELSA-2012-0678 -- postgresql and postgresql84 security update (moderate)
Description: [8.4.11-1] - Update to PostgreSQL 8.4.11, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/8.4/static/release-8-4-10.html including the fixes for CVE-2012-0866, CVE-2012-0867, CVE-2012-0868 Resolves: #812081
Family: unix Class: patch
Reference(s): ELSA-2012-0678
CVE-2012-0867
CVE-2012-0866
CVE-2012-0868
Version: 1
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): postgresql84
postgresql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application39

OpenVAS Exploits

DateDescription
2012-10-03Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-2508
File : nvt/gb_fedora_2012_2508_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:0677 centos5
File : nvt/gb_CESA-2012_0677_postgresql_centos5.nasl
2012-07-30Name : CentOS Update for postgresql84 CESA-2012:0678 centos5
File : nvt/gb_CESA-2012_0678_postgresql84_centos5.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:0678 centos6
File : nvt/gb_CESA-2012_0678_postgresql_centos6.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8893
File : nvt/gb_fedora_2012_8893_postgresql_fc16.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8915
File : nvt/gb_fedora_2012_8915_postgresql_fc15.nasl
2012-05-22Name : RedHat Update for postgresql RHSA-2012:0677-01
File : nvt/gb_RHSA-2012_0677-01_postgresql.nasl
2012-05-22Name : RedHat Update for postgresql and postgresql84 RHSA-2012:0678-01
File : nvt/gb_RHSA-2012_0678-01_postgresql_and_postgresql84.nasl
2012-04-02Name : Fedora Update for postgresql FEDORA-2012-2591
File : nvt/gb_fedora_2012_2591_postgresql_fc16.nasl
2012-03-12Name : FreeBSD Ports: postgresql-client
File : nvt/freebsd_postgresql-client0.nasl
2012-03-12Name : Debian Security Advisory DSA 2418-1 (postgresql-8.4)
File : nvt/deb_2418_1.nasl
2012-03-09Name : Fedora Update for postgresql FEDORA-2012-2589
File : nvt/gb_fedora_2012_2589_postgresql_fc15.nasl
2012-03-07Name : Ubuntu Update for postgresql-9.1 USN-1378-1
File : nvt/gb_ubuntu_USN_1378_1.nasl
2012-03-07Name : Mandriva Update for postgresql MDVSA-2012:026 (postgresql)
File : nvt/gb_mandriva_MDVSA_2012_026.nasl
2012-03-07Name : Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)
File : nvt/gb_mandriva_MDVSA_2012_027.nasl

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-603.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-214.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-82.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-120322.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20120227.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_8318.nasl - Type : ACT_GATHER_INFO
2012-09-29Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-24.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120521_postgresql_and_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120521_postgresql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-092.nasl - Type : ACT_GATHER_INFO
2012-06-06Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-8071.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2012-03-08Name : The remote Fedora host is missing a security update.
File : fedora_2012-2589.nasl - Type : ACT_GATHER_INFO
2012-03-08Name : The remote Fedora host is missing a security update.
File : fedora_2012-2591.nasl - Type : ACT_GATHER_INFO
2012-03-07Name : The remote Fedora host is missing a security update.
File : fedora_2012-2508.nasl - Type : ACT_GATHER_INFO
2012-03-01Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-026.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_174b8864623711e1be1814dae938ec40.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1378-1.nasl - Type : ACT_GATHER_INFO
2012-02-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2418.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:55:56
  • Multiple Updates
2013-01-04 13:21:01
  • Multiple Updates