Lucene search

K
freebsdFreeBSDBBB18FCB-7F0D-11EE-94B4-6CC21735F730
HistoryNov 09, 2023 - 12:00 a.m.

postgresql-server -- Role pg_cancel_backend can signal certain superuser processes

2023-11-0900:00:00
vuxml.freebsd.org
10
postgresql
pg_cancel_backend
superuser
background workers
autovacuum launcher
logical replication launcher
vulnerability
denial of service

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%

PostgreSQL Project reports:

    Documentation says the pg_cancel_backend role cannot
    signal "a backend owned by a superuser". On the
    contrary, it can signal background workers, including
    the logical replication launcher. It can signal
    autovacuum workers and the autovacuum launcher.
    Signaling autovacuum workers and those two launchers
    provides no meaningful exploit, so exploiting this
    vulnerability requires a non-core extension with a
    less-resilient background worker. For example, a
    non-core background worker that does not auto-restart
    would experience a denial of service with respect to
    that particular background worker.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpostgresql-server< 16.1UNKNOWN

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.8%