Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2023-1576.NASLHistoryApr 05, 2023 - 12:00 a.m.
AlmaLinux 8 : postgresql:13 (ALSA-2023:1576)
2023-04-0500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1576 advisory.
-
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. (CVE-2022-2625)
-
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. (CVE-2022-41862)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2023:1576.
##
include('compat.inc');
if (description)
{
script_id(173920);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/19");
script_cve_id("CVE-2022-2625", "CVE-2022-41862");
script_xref(name:"ALSA", value:"2023:1576");
script_xref(name:"IAVB", value:"2022-B-0028-S");
script_xref(name:"IAVB", value:"2023-B-0009-S");
script_name(english:"AlmaLinux 8 : postgresql:13 (ALSA-2023:1576)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2023:1576 advisory.
- A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects
in at least one schema, the ability to lure or wait for an administrator to create or update an affected
extension in that schema, and the ability to lure or wait for a victim to use the object targeted in
CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to
run arbitrary code as the victim role, which may be a superuser. (CVE-2022-2625)
- In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment
of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and
report an error message containing uninitialized bytes. (CVE-2022-41862)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2023-1576.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2625");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(200, 915);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:pg_repack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:pgaudit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgres-decoderbufs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-plpython3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-server-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-test-rpm-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-upgrade");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:postgresql-upgrade-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::appstream");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var module_ver = get_kb_item('Host/AlmaLinux/appstream/postgresql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');
if ('13' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);
var appstreams = {
'postgresql:13': [
{'reference':'pg_repack-1.4.6-3.module_el8.6.0+2760+1746ec94', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pg_repack-1.4.6-3.module_el8.6.0+2760+1746ec94', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pgaudit-1.5.0-1.module_el8.6.0+2760+1746ec94', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pgaudit-1.5.0-1.module_el8.6.0+2760+1746ec94', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgres-decoderbufs-0.10.0-2.module_el8.6.0+2760+1746ec94', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgres-decoderbufs-0.10.0-2.module_el8.6.0+2760+1746ec94', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plperl-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plperl-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plpython3-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plpython3-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pltcl-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pltcl-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-devel-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-devel-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-static-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-static-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-rpm-macros-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-devel-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-devel-13.10-1.module_el8.7.0+3498+cb1ef3c6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:13');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pg_repack / pgaudit / postgres-decoderbufs / postgresql / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alma | linux | pg_repack | p-cpe:/a:alma:linux:pg_repack |
| alma | linux | pgaudit | p-cpe:/a:alma:linux:pgaudit |
| alma | linux | postgres-decoderbufs | p-cpe:/a:alma:linux:postgres-decoderbufs |
| alma | linux | postgresql | p-cpe:/a:alma:linux:postgresql |
| alma | linux | postgresql-contrib | p-cpe:/a:alma:linux:postgresql-contrib |
| alma | linux | postgresql-docs | p-cpe:/a:alma:linux:postgresql-docs |
| alma | linux | postgresql-plperl | p-cpe:/a:alma:linux:postgresql-plperl |
| alma | linux | postgresql-plpython3 | p-cpe:/a:alma:linux:postgresql-plpython3 |
| alma | linux | postgresql-pltcl | p-cpe:/a:alma:linux:postgresql-pltcl |
| alma | linux | postgresql-server | p-cpe:/a:alma:linux:postgresql-server |
Related
nessus
nessus
RHEL 9 : postgresql (RHSA-2023:1693)
2023-04-11 00:00:00
Oracle Linux 9 : postgresql (ELSA-2023-1693)
2023-04-12 00:00:00
Rocky Linux 8 : postgresql:13 (RLSA-2023:1576)
2023-04-06 00:00:00
oraclelinux
oraclelinux
postgresql security update
2023-04-11 00:00:00
postgresql:13 security update
2023-04-05 00:00:00
libpq security update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: postgresql security update
2023-04-11 00:00:00
Moderate: postgresql:13 security update
2023-04-04 00:00:00
Low: libpq security update
2023-11-14 00:00:00
osv
osv
Moderate: postgresql:13 security update
2023-04-04 00:00:00
Moderate: postgresql security update
2023-04-11 00:00:00
Moderate: postgresql:13 security update
2023-04-06 15:52:43
rocky
rocky
postgresql:13 security update
2023-04-06 15:52:43
postgresql:10 security update
2023-01-12 08:25:41
postgresql:12 security update
2022-10-25 07:32:37
redhat
redhat
(RHSA-2023:1576) Moderate: postgresql:13 security update
2023-04-04 08:51:28
(RHSA-2023:1693) Moderate: postgresql security update
2023-04-11 13:44:20
(RHSA-2023:7016) Low: libpq security update
2023-11-14 08:42:45
altlinux
altlinux
Security fix for the ALT Linux 10 package postgresql12 version 12.14-alt1
2023-02-20 00:00:00
Security fix for the ALT Linux 10 package postgresql15-1C version 15.2-alt1
2023-02-20 00:00:00
Security fix for the ALT Linux 10 package postgresql15 version 15.2-alt1
2023-02-20 00:00:00
veracode
veracode
Information Disclosure
2023-02-11 23:04:31
Authorization Bypass
2022-08-16 21:28:46
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0583-1)
2023-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0392-1)
2023-02-14 00:00:00
Debian: Security Advisory (DLA-3316-1)
2023-02-11 00:00:00
cvelist
cvelist
CVE-2022-41862
2023-03-03 00:00:00
CVE-2022-2625
2022-08-18 00:00:00
ubuntucve
ubuntucve
CVE-2022-41862
2023-02-10 00:00:00
CVE-2022-2625
2022-08-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-41862 affecting package postgresql 12.15-1
2024-05-13 09:06:56
CVE-2022-41862 affecting package postgresql for versions less than 14.11-1
2024-03-05 17:52:42
CVE-2022-2625 affecting package postgresql 12.8-1
2022-10-13 00:40:15
ibm
ibm
prion
prion
Code injection
2023-03-03 16:15:00
Design/Logic Flaw
2022-08-18 19:15:00
debian
debian
[SECURITY] [DLA 3316-1] postgresql-11 security update
2023-02-10 13:33:28
[SECURITY] [DLA 3072-1] postgresql-11 security update
2022-08-12 09:50:06
cloudfoundry
cloudfoundry
USN-5906-1: PostgreSQL vulnerability | Cloud Foundry
2023-03-23 00:00:00
USN-5571-1: PostgreSQL vulnerability | Cloud Foundry
2022-09-29 00:00:00
kaspersky
kaspersky
KLA20223 OSI vulnerability in PostgreSQL
2023-02-09 00:00:00
KLA15718 RCE vulnerability in PostgreSQL
2022-08-11 00:00:00
wolfi
wolfi
CVE-2022-41862 vulnerabilities
2024-05-13 09:06:53
ubuntu
ubuntu
PostgreSQL vulnerability
2023-03-02 00:00:00
PostgreSQL vulnerability
2022-08-18 00:00:00
cgr
cgr
CVE-2022-41862 vulnerabilities
2024-05-13 09:06:52
mageia
mageia
Updated postgresql packages fix security vulnerability
2023-02-27 23:27:16
Updated postgresql packages fix security vulnerability
2022-08-29 08:07:41
cve
cve
CVE-2022-41862
2023-03-03 16:15:00
CVE-2022-2625
2022-08-18 19:15:00
freebsd
freebsd
redhatcve
redhatcve
CVE-2022-41862
2023-02-15 15:29:59
CVE-2022-2625
2022-08-18 05:17:10
debiancve
debiancve
CVE-2022-41862
2023-03-03 16:15:00
CVE-2022-2625
2022-08-18 19:15:00
alpinelinux
alpinelinux
CVE-2022-41862
2023-03-03 16:15:00
CVE-2022-2625
2022-08-18 19:15:00
redos
redos
ROS-20221013-03
2022-10-13 00:00:00
suse
suse
Security update for postgresql10 (important)
2022-08-31 00:00:00
Security update for postgresql13 (important)
2022-09-01 00:00:00
Security update for postgresql14 (important)
2022-09-01 00:00:00
broadcom
broadcom
PostgreSQL vulnerability in SANnav 2.2.0.2
2023-08-29 00:00:00
photon
photon
Low Photon OS Security Update - PHSA-2023-3.0-0531
2023-02-10 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0441
2022-08-23 00:00:00
Related for ALMA_LINUX_ALSA-2023-1576.NASL