
[ASA-201908-7] postgresql-libs: multiple issues

2019-08-10 00:00:00
security.archlinux.org

CVSS3: 8.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.004 Low
  Percentile: 72.5%

Arch Linux Security Advisory ASA-201908-7

Severity: Medium
Date : 2019-08-10
CVE-ID : CVE-2019-10208 CVE-2019-10209
Package : postgresql-libs
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1019

Summary

The package postgresql-libs before version 11.5-1 is vulnerable to
multiple issues including access restriction bypass and information
disclosure.

Resolution

Upgrade to 11.5-1.

pacman -Syu "postgresql-libs>=11.5-1"

The problems have been fixed upstream in version 11.5.

Workaround

None.

Description

  • CVE-2019-10208 (access restriction bypass)

A security issue has been found in PostgreSQL < 11.5 where given a
suitable SECURITY DEFINER function, an attacker can execute arbitrary
SQL under the identity of the function owner. An attack requires
EXECUTE permission on the function, which must itself contain a
function call having inexact argument type match. For example,
length('foo'::varchar) and length('foo') are inexact, while
length('foo'::text) is exact. As part of exploiting this vulnerability,
the attacker uses CREATE DOMAIN to create a type in a pg_temp schema.
The attack pattern and fix are similar to that for CVE-2007-2138.

  • CVE-2019-10209 (information disclosure)

An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database
containing hypothetical, user-defined hash equality operators, an
attacker could read arbitrary bytes of server memory. For an attack to
become possible, a superuser would need to create unusual operators. It
is possible for operators not purpose-crafted for attack to have the
properties that enable an attack, but we are not aware of specific
examples.
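
The preconditions described for CVE-2019-10208 above (a SECURITY DEFINER function that a less-privileged role may EXECUTE) can be inventoried from the system catalogs before and after the upgrade. The query below is an added example, not part of the Arch Linux advisory; the threshold 110005 assumes server_version_num for the 11.5 release named in the advisory, and the column aliases are chosen here.

```sql
-- Added example: list SECURITY DEFINER functions, who they run as, and who
-- may EXECUTE them. Run it in each database of the cluster.
-- Assumption: 110005 is server_version_num for PostgreSQL 11.5.
SELECT
    current_setting('server_version_num')::int < 110005 AS server_below_11_5,
    n.nspname            AS schema_name,
    p.oid::regprocedure  AS function_signature,
    o.rolname            AS runs_as_owner,
    o.rolsuper           AS owner_is_superuser,
    -- A NULL proacl means default privileges, which grant EXECUTE to PUBLIC.
    (p.proacl IS NULL
     OR EXISTS (SELECT 1
                FROM aclexplode(p.proacl) AS a
                WHERE a.grantee = 0                 -- grantee 0 is PUBLIC
                  AND a.privilege_type = 'EXECUTE')) AS public_can_execute,
    -- Named roles other than the owner holding an explicit EXECUTE grant
    -- (privileges inherited through role membership are not expanded here).
    ARRAY(SELECT DISTINCT g.rolname
          FROM aclexplode(p.proacl) AS a
          JOIN pg_roles AS g ON g.oid = a.grantee
          WHERE a.privilege_type = 'EXECUTE'
            AND a.grantee <> p.proowner
          ORDER BY g.rolname) AS roles_with_execute
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles     AS o ON o.oid = p.proowner
WHERE p.prosecdef                                   -- SECURITY DEFINER only
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY o.rolsuper DESC, public_can_execute DESC, n.nspname, p.proname;
```

Rows with owner_is_superuser and public_can_execute both true are the ones to review first, since the advisory states that the injected SQL runs under the identity of the function owner.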

Impact

An authenticated attacker can read arbitrary bytes of server memory or
execute arbitrary SQL commands under a different identity than its own.

References

https://www.postgresql.org/about/news/1960/
https://bugzilla.redhat.com/show_bug.cgi?id=1734416
https://bugzilla.redhat.com/show_bug.cgi?id=1734447
https://security.archlinux.org/CVE-2019-10208
https://security.archlinux.org/CVE-2019-10209

OS         Version  Architecture  Package          Version   Filename
ArchLinux  any      any           postgresql-libs  < 11.5-1  UNKNOWN
