The SLES12 host has a vulnerable postgresql-jdbc package (CVE-2022-31197
Reporter | Title | Published | Views | Family All 76 |
---|---|---|---|---|
SUSE Linux | Security update for postgresql-jdbc (important) | 18 Oct 202200:00 | – | suse |
SUSE Linux | Security update for postgresql-jdbc (important) | 6 Oct 202200:00 | – | suse |
Oracle linux | postgresql-jdbc security update | 24 Jan 202300:00 | – | oraclelinux |
Github Security Blog | PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names | 6 Aug 202205:51 | – | github |
Fedora | [SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.26-1.fc35 | 5 Oct 202201:04 | – | fedora |
Fedora | [SECURITY] Fedora 36 Update: postgresql-jdbc-42.3.1-4.fc36 | 5 Oct 202201:01 | – | fedora |
OpenVAS | Debian: Security Advisory (DLA-3140-1) | 9 Oct 202200:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for postgresql-jdbc (FEDORA-2022-cdeabe1bc0) | 5 Oct 202200:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for postgresql-jdbc (FEDORA-2022-d7d49b2fac) | 5 Oct 202200:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:3613-1) | 19 Oct 202200:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
bugzilla | www.bugzilla.suse.com/1202170 |
suse | www.suse.com/security/cve/CVE-2022-31197 |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:3541-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(165755);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id("CVE-2022-31197");
script_xref(name:"SuSE", value:"SUSE-SU-2022:3541-1");
script_name(english:"SUSE SLES12 Security Update : postgresql-jdbc (SUSE-SU-2022:3541-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced
in the SUSE-SU-2022:3541-1 advisory.
- PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using
standard, database independent Java code. The PGJDBC implementation of the
`java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column
name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to
executing additional SQL commands as the application's JDBC user. User applications that do not invoke the
`ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted
if the underlying database that they are querying via their JDBC application may be under the control of
an attacker. The attack requires the attacker to trick the user into executing SQL against a table name
who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on
the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC
application that executes as a privileged user querying database schemas owned by potentially malicious
less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to
craft a schema that causes the application to execute commands as the privileged user. Patched versions
will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds
for this issue. (CVE-2022-31197)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202170");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-31197");
# https://lists.suse.com/pipermail/sle-security-updates/2022-October/012504.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3f68ed9");
script_set_attribute(attribute:"solution", value:
"Update the affected postgresql-jdbc package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31197");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql-jdbc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP4/5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},
{'reference':'postgresql-jdbc-9.4-3.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql-jdbc');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo