Vulners
Lucene search
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASPOSTGRESQL13-2024-008.
##
include('compat.inc');
if (description)
{
script_id(213349);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/02/21");
script_cve_id(
"CVE-2024-10976",
"CVE-2024-10977",
"CVE-2024-10978",
"CVE-2024-10979"
);
script_xref(name:"IAVB", value:"2024-B-0175-S");
script_name(english:"Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory.
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change
different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row
security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or
SQL-language function references a table with a row-level security policy. This has the same consequences
as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in
cases where role-specific policies are used and a given query is planned under one role and then executed
under other roles. This scenario can happen under security definer functions or when a common user and
query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may
permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that
have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a
particular application's pattern of query plan reuse, user ID changes, and role-specific row security
policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
(CVE-2024-10976)
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS
settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle
attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid
query results. This is probably not a concern for clients where the user interface unambiguously indicates
the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14,
13.17, and 12.21 are affected. (CVE-2024-10977)
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change
different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION
AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters
from the attacker or conveys query results to the attacker. If that query reacts to
current_setting('role') or the current user ID, it may modify or return data as though the session had not
used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID
applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION
AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14,
13.17, and 12.21 are affected. (CVE-2024-10978)
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to
change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code
execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL
17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. (CVE-2024-10979)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASPOSTGRESQL13-2024-008.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-10976.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-10977.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-10978.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-10979.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update postgresql' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-10979");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/12");
script_set_attribute(attribute:"patch_publication_date", value:"2024/12/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-llvmjit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-plpython3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-private-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-private-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-server-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-test-rpm-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-upgrade");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql-upgrade-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var REPOS_FOUND = TRUE;
var extras_list = get_kb_item("Host/AmazonLinux/extras_label_list");
if (isnull(extras_list)) REPOS_FOUND = FALSE;
var repository = '"amzn2extra-postgresql13"';
if (REPOS_FOUND && (repository >!< extras_list)) exit(0, AFFECTED_REPO_NOT_ENABLED);
var pkgs = [
{'reference':'postgresql-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-contrib-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-contrib-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-contrib-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-debuginfo-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-debuginfo-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-debuginfo-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-docs-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-docs-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-docs-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-llvmjit-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-llvmjit-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-llvmjit-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plperl-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plperl-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plperl-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plpython3-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plpython3-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-plpython3-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-pltcl-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-pltcl-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-pltcl-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-devel-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-devel-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-devel-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-libs-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-libs-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-private-libs-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-devel-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-devel-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-server-devel-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-static-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-static-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-static-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-test-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-test-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-test-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-test-rpm-macros-13.17-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-devel-13.17-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-devel-13.17-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'},
{'reference':'postgresql-upgrade-devel-13.17-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'postgresql13'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = rpm_report_get();
if (!REPOS_FOUND) extra = rpm_report_get() + report_repo_caveat();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Feb 2025 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 25
CVSS 37.5
CVSS 3.18.8
EPSS0.06356
SSVC