
[ASA-202106-15] postgresql: multiple issues

2021-06-01 00:00:00
security.archlinux.org

CVSS2 : 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Authentication : SINGLE
  Confidentiality Impact : PARTIAL
  Integrity Impact : PARTIAL
  Availability Impact : PARTIAL

CVSS3 : 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Privileges Required : LOW
  User Interaction : NONE
  Scope : UNCHANGED
  Confidentiality Impact : HIGH
  Integrity Impact : HIGH
  Availability Impact : HIGH

EPSS : 0.007
Percentile : 80.4%

Arch Linux Security Advisory ASA-202106-15

Severity: Medium
Date : 2021-06-01
CVE-ID : CVE-2021-32027 CVE-2021-32028 CVE-2021-32029
Package : postgresql
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1956

Summary

The package postgresql before version 13.3-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution

Upgrade to 13.3-1.

pacman -Syu "postgresql>=13.3-1"

The problems have been fixed upstream in version 13.3.

Workaround

None.

Description

  • CVE-2021-32027 (arbitrary code execution)

A security issue was found in PostgreSQL before version 13.3. While
modifying certain SQL array values, missing bounds checks let
authenticated database users write arbitrary bytes to a wide area of
server memory.

  • CVE-2021-32028 (information disclosure)

A security issue was found in PostgreSQL before version 13.3. Using an
INSERT … ON CONFLICT … DO UPDATE command on a purpose-crafted
table, an attacker can read arbitrary bytes of server memory. In the
default configuration, any authenticated database user can create
prerequisite objects and complete this attack at will. A user lacking
the CREATE and TEMPORARY privileges on all databases and the CREATE
privilege on all schemas cannot use this attack at will.

  • CVE-2021-32029 (information disclosure)

A security issue was found in PostgreSQL before version 13.3. Using an
UPDATE … RETURNING on a purpose-crafted partitioned table, an
attacker can read arbitrary bytes of server memory. In the default
configuration, any authenticated database user can create prerequisite
objects and complete this attack at will. A user lacking the CREATE and
TEMPORARY privileges on all databases and the CREATE privilege on all
schemas typically cannot use this attack at will.
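
The descriptions of CVE-2021-32028 and CVE-2021-32029 both hinge on whether a role holds CREATE or TEMPORARY on a database, or CREATE on a schema. The queries below are an added example, not part of the advisory; they use PostgreSQL's built-in privilege functions to list the non-superuser login roles that hold those privileges. They say nothing about exposure to CVE-2021-32027, and they do not replace the upgrade.

```sql
-- Added example: privilege audit for the preconditions named in
-- CVE-2021-32028 and CVE-2021-32029. Run as a superuser.

-- Server version actually running (fixed upstream in 13.3).
SELECT current_setting('server_version') AS server_version;

-- 1. Login roles with CREATE or TEMPORARY on any connectable database.
--    pg_database is a shared catalog, so one run covers the whole cluster.
SELECT r.rolname,
       d.datname,
       has_database_privilege(r.oid, d.oid, 'CREATE')    AS can_create,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS can_temp
FROM pg_roles r
CROSS JOIN pg_database d
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND d.datallowconn
  AND (has_database_privilege(r.oid, d.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY r.rolname, d.datname;

-- 2. Login roles with CREATE on any user schema.
--    pg_namespace is per-database: repeat this query in each database.
SELECT r.rolname,
       n.nspname AS schema_name
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'                 -- skip system and temp schemas
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;
```

On a default installation of the affected versions, PUBLIC holds TEMPORARY on each database and CREATE on the public schema, so both queries return every login role; that matches the advisory's statement that any authenticated user can create the prerequisite objects.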

Impact

An authenticated remote attacker could read the database server memory
or execute arbitrary code on the server.

References

https://www.postgresql.org/support/security/CVE-2021-32027/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=467395bfdf33f1ccf67ca388ffdcc927271544cb
https://www.postgresql.org/support/security/CVE-2021-32028/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f
https://www.postgresql.org/support/security/CVE-2021-32029/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3
https://security.archlinux.org/CVE-2021-32027
https://security.archlinux.org/CVE-2021-32028
https://security.archlinux.org/CVE-2021-32029

OS         Version  Architecture  Package     Version   Filename
ArchLinux  any      any           postgresql  < 13.3-1  UNKNOWN
