AmazonALAS-2020-1443Medium: postgresql96
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.5%
Issue Overview:
PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. (CVE-2019-10130)
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)
A flaw was found in PostgreSQL’s “ALTER … DEPENDS ON EXTENSION”, where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. (CVE-2020-1720)
Affected Packages:
postgresql96
Issue Correction:
Run yum update postgresql96 to update your system.
New Packages:
i686:
postgresql96-test-9.6.19-1.83.amzn1.i686
postgresql96-9.6.19-1.83.amzn1.i686
postgresql96-devel-9.6.19-1.83.amzn1.i686
postgresql96-docs-9.6.19-1.83.amzn1.i686
postgresql96-plperl-9.6.19-1.83.amzn1.i686
postgresql96-static-9.6.19-1.83.amzn1.i686
postgresql96-server-9.6.19-1.83.amzn1.i686
postgresql96-contrib-9.6.19-1.83.amzn1.i686
postgresql96-plpython27-9.6.19-1.83.amzn1.i686
postgresql96-debuginfo-9.6.19-1.83.amzn1.i686
postgresql96-libs-9.6.19-1.83.amzn1.i686
postgresql96-plpython26-9.6.19-1.83.amzn1.i686
src:
postgresql96-9.6.19-1.83.amzn1.src
x86_64:
postgresql96-9.6.19-1.83.amzn1.x86_64
postgresql96-test-9.6.19-1.83.amzn1.x86_64
postgresql96-docs-9.6.19-1.83.amzn1.x86_64
postgresql96-devel-9.6.19-1.83.amzn1.x86_64
postgresql96-libs-9.6.19-1.83.amzn1.x86_64
postgresql96-static-9.6.19-1.83.amzn1.x86_64
postgresql96-server-9.6.19-1.83.amzn1.x86_64
postgresql96-plpython26-9.6.19-1.83.amzn1.x86_64
postgresql96-plpython27-9.6.19-1.83.amzn1.x86_64
postgresql96-debuginfo-9.6.19-1.83.amzn1.x86_64
postgresql96-plperl-9.6.19-1.83.amzn1.x86_64
postgresql96-contrib-9.6.19-1.83.amzn1.x86_64
Additional References
Red Hat: CVE-2019-10130, CVE-2019-10208, CVE-2020-14350, CVE-2020-1720
Mitre: CVE-2019-10130, CVE-2019-10208, CVE-2020-14350, CVE-2020-1720
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.5%