Executive Summary

Summary
Titlepostgresql and postgresql84 security update
Informations
NameRHSA-2012:0678First vendor Publication2012-05-21
VendorRedHatLast vendor Modification2012-05-21
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated postgresql84 and postgresql packages that fix three security issues
are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

The pg_dump utility inserted object names literally into comments in the
SQL script it produces. An unprivileged database user could create an
object whose name includes a newline followed by an SQL command. This SQL
command might then be executed by a privileged user during later restore of
the backup dump, allowing privilege escalation. (CVE-2012-0868)

When configured to do SSL certificate verification, PostgreSQL only checked
the first 31 characters of the certificate's Common Name field. Depending
on the configuration, this could allow an attacker to impersonate a server
or a client using a certificate from a trusted Certificate Authority issued
for a different name. (CVE-2012-0867)

CREATE TRIGGER did not do a permissions check on the trigger function to
be called. This could possibly allow an authenticated database user to
call a privileged trigger function on data of their choosing.
(CVE-2012-0866)

These updated packages upgrade PostgreSQL to version 8.4.11, which fixes
these issues as well as several data-corruption issues and lesser
non-security issues. Refer to the PostgreSQL Release Notes for a full list
of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

797222 - CVE-2012-0866 postgresql: Absent permission checks on trigger function to be called when creating a trigger
797915 - CVE-2012-0867 postgresql: MITM due improper x509_v3 CN validation during certificate verification
797917 - CVE-2012-0868 postgresql: SQL injection due unsanitized newline characters in object names

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0678.html

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21471
 
Oval ID: oval:org.mitre.oval:def:21471
Title: RHSA-2012:0677: postgresql security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): RHSA-2012:0677-00
CESA-2012:0677
CVE-2012-0866
CVE-2012-0868
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21339
 
Oval ID: oval:org.mitre.oval:def:21339
Title: RHSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): RHSA-2012:0678-01
CESA-2012:0678
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 42
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): postgresql84
postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23770
 
Oval ID: oval:org.mitre.oval:def:23770
Title: ELSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0678-01
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23418
 
Oval ID: oval:org.mitre.oval:def:23418
Title: ELSA-2012:0677: postgresql security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0677-00
CVE-2012-0866
CVE-2012-0868
Version: 10
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23252
 
Oval ID: oval:org.mitre.oval:def:23252
Title: ELSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Description: CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Family: unix Class: patch
Reference(s): ELSA-2012:0678-01
CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application39

OpenVAS Exploits

DateDescription
2012-10-03Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-2508
File : nvt/gb_fedora_2012_2508_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:0677 centos5
File : nvt/gb_CESA-2012_0677_postgresql_centos5.nasl
2012-07-30Name : CentOS Update for postgresql84 CESA-2012:0678 centos5
File : nvt/gb_CESA-2012_0678_postgresql84_centos5.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:0678 centos6
File : nvt/gb_CESA-2012_0678_postgresql_centos6.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8893
File : nvt/gb_fedora_2012_8893_postgresql_fc16.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8915
File : nvt/gb_fedora_2012_8915_postgresql_fc15.nasl
2012-05-22Name : RedHat Update for postgresql RHSA-2012:0677-01
File : nvt/gb_RHSA-2012_0677-01_postgresql.nasl
2012-05-22Name : RedHat Update for postgresql and postgresql84 RHSA-2012:0678-01
File : nvt/gb_RHSA-2012_0678-01_postgresql_and_postgresql84.nasl
2012-04-02Name : Fedora Update for postgresql FEDORA-2012-2591
File : nvt/gb_fedora_2012_2591_postgresql_fc16.nasl
2012-03-12Name : FreeBSD Ports: postgresql-client
File : nvt/freebsd_postgresql-client0.nasl
2012-03-12Name : Debian Security Advisory DSA 2418-1 (postgresql-8.4)
File : nvt/deb_2418_1.nasl
2012-03-09Name : Fedora Update for postgresql FEDORA-2012-2589
File : nvt/gb_fedora_2012_2589_postgresql_fc15.nasl
2012-03-07Name : Ubuntu Update for postgresql-9.1 USN-1378-1
File : nvt/gb_ubuntu_USN_1378_1.nasl
2012-03-07Name : Mandriva Update for postgresql MDVSA-2012:026 (postgresql)
File : nvt/gb_mandriva_MDVSA_2012_026.nasl
2012-03-07Name : Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)
File : nvt/gb_mandriva_MDVSA_2012_027.nasl

Nessus® Vulnerability Scanner

DateDescription
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-82.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-120322.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20120227.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_8318.nasl - Type : ACT_GATHER_INFO
2012-09-29Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-24.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120521_postgresql_and_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120521_postgresql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-092.nasl - Type : ACT_GATHER_INFO
2012-06-06Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-8071.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0677.nasl - Type : ACT_GATHER_INFO
2012-05-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0678.nasl - Type : ACT_GATHER_INFO
2012-03-08Name : The remote Fedora host is missing a security update.
File : fedora_2012-2589.nasl - Type : ACT_GATHER_INFO
2012-03-08Name : The remote Fedora host is missing a security update.
File : fedora_2012-2591.nasl - Type : ACT_GATHER_INFO
2012-03-07Name : The remote Fedora host is missing a security update.
File : fedora_2012-2508.nasl - Type : ACT_GATHER_INFO
2012-03-01Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-026.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_174b8864623711e1be1814dae938ec40.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1378-1.nasl - Type : ACT_GATHER_INFO
2012-02-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2418.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:55:56
  • Multiple Updates
2013-01-04 13:21:01
  • Multiple Updates