Lucene search

Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)

Amazon Linux AMI: Privilege escalation flaws in PostgreSQL 95/96 (ALAS-2017-930

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 113
Kaspersky	KLA11147 Multiple vulnerabilities in PostgreSQL	9 Nov 201700:00	–	kaspersky
Tenable Nessus	PostgreSQL 9.2.x < 9.2.24 / 9.3.x < 9.3.20 / 9.4.x < 9.4.15 / 9.5.x < 9.5.10 / 9.6.x < 9.6.6 / 10.x < 10.1 Multiple Vulnerabilities	15 Nov 201700:00	–	nessus
Tenable Nessus	Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2017-931)	7 Dec 201700:00	–	nessus
Tenable Nessus	SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2018:0081-1)	15 Jan 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : postgresql94 (openSUSE-2018-38)	16 Jan 201800:00	–	nessus
Tenable Nessus	Debian DSA-4028-1 : postgresql-9.6 - security update	10 Nov 201700:00	–	nessus
Tenable Nessus	SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:0077-1)	15 Jan 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : postgresql96 (openSUSE-2017-1411)	26 Dec 201700:00	–	nessus
Tenable Nessus	SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2017:3391-1)	26 Dec 201700:00	–	nessus
Tenable Nessus	FreeBSD : PostgreSQL vulnerabilities (1f02af5d-c566-11e7-a12d-6cc21735f730)	10 Nov 201700:00	–	nessus

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
alas	www.alas.aws.amazon.com/ALAS-2017-930.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-930.
#

include("compat.inc");

if (description)
{
  script_id(105054);
  script_version("3.8");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2017-12172", "CVE-2017-15098", "CVE-2017-15099");
  script_xref(name:"ALAS", value:"2017-930");

  script_name(english:"Amazon Linux AMI : postgresql95 / postgresql96 (ALAS-2017-930)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Privilege escalation flaws were found in the initialization scripts of
PostgreSQL. A remote attacker with access to the postgres user account
could use these flaws to obtain root access on the server
machine.(CVE-2017-12172)

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL disclose table
contents that the invoker lacks privilege to read. These exploits
affect only tables where the attacker lacks full read access but has
both INSERT and UPDATE privileges. Exploits bypass row level security
policies and lack of SELECT privilege.(CVE-2017-15099)

Invalid json_populate_recordset or jsonb_populate_recordset function
calls in PostgreSQL can crash the server or disclose a few bytes of
server memory.(CVE-2017-15098)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-930.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Run 'yum update postgresql95' to update your system.

Run 'yum update postgresql96' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plpython26");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plpython27");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-plpython26");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-plpython27");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql96-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"postgresql95-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-contrib-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-debuginfo-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-devel-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-docs-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-libs-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-plperl-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-plpython26-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-plpython27-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-server-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-static-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql95-test-9.5.10-1.77.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-contrib-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-debuginfo-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-devel-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-docs-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-libs-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-plperl-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-plpython26-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-plpython27-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-server-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-static-9.6.6-1.79.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql96-test-9.6.6-1.79.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql95 / postgresql95-contrib / postgresql95-debuginfo / etc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Dec 2017 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS25.5

CVSS38.1

EPSS0.11281