KLA11202 PE vulnerabilities in PostgreSQL

2018-01-03T00:00:00
ID KLA11202
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

01/03/2018

Severity:

Critical

Description:

A vulnerability was found in PostgreSQL. This vulnerability allows a user to modify the behavior of a query for other users and can be exploited to execute code with the permissions of a superuser in the database.

Affected products:

PostgreSQL 9.6 versions earlier than 9.6.8
PostgreSQL 9.5 versions earlier than 9.5.12
PostgreSQL 9.4 versions earlier than 9.4.17
PostgreSQL 9.3 versions earlier than 9.3.22
PostgreSQL 10 versions earlier than 10.3

Solution:

Protect PostgreSQL installations
A Guide to CVE-2018-1058: Protect Your Search Path

Original advisories:

Security Update Release

Impacts:

PE

Related products:

PostgreSQL

CVE-IDS:

CVE-2018-1058 6.5 Critical