Lucene search

K

EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-2803)

EulerOS 2.0 SP8: postgresql-jdbc CVE-2022-31197 SQL injection vulnerabilit

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
RedhatCVE
CVE-2022-31197
23 Sep 202218:18
redhatcve
OSV
libpgjava - security update
7 Oct 202200:00
osv
OSV
Moderate: postgresql-jdbc security update
23 Jan 202314:30
osv
OSV
CGA-mgpw-g9pc-27cr
15 Jul 202422:02
osv
OSV
CGA-pjgm-r8m9-w969
15 Jul 202422:03
osv
OSV
BIT-postgresql-jdbc-driver-2022-31197
6 Mar 202411:02
osv
OSV
CVE-2022-31197
3 Aug 202219:15
osv
OSV
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
6 Aug 202205:51
osv
OSV
Red Hat Security Advisory: postgresql-jdbc security update
16 Sep 202409:53
osv
OSV
Moderate: postgresql-jdbc security update
23 Jan 202300:00
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(168515);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");

  script_cve_id("CVE-2022-31197");

  script_name(english:"EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-2803)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the postgresql-jdbc package installed, the EulerOS installation on the remote host is
affected by the following vulnerabilities :

  - PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using
    standard, database independent Java code. The PGJDBC implementation of the
    `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column
    name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to
    executing additional SQL commands as the application's JDBC user. User applications that do not invoke the
    `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted
    if the underlying database that they are querying via their JDBC application may be under the control of
    an attacker. The attack requires the attacker to trick the user into executing SQL against a table name
    who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on
    the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC
    application that executes as a privileged user querying database schemas owned by potentially malicious
    less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to
    craft a schema that causes the application to execute commands as the privileged user. Patched versions
    will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds
    for this issue. (CVE-2022-31197)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2803
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?177b02ee");
  script_set_attribute(attribute:"solution", value:
"Update the affected postgresql-jdbc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31197");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-jdbc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);

var flag = 0;

var pkgs = [
  "postgresql-jdbc-42.2.4-1.h5.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-jdbc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Dec 2022 00:00Current
8.6High risk
Vulners AI Score8.6
CVSS38
EPSS0.001
17
.json
Report