The advisory DLA-3140-1 for Debian 10 relates to a security update for the 'libpgjava' package due to a potential SQL injection vulnerability in the PostgreSQL JDBC Driver
Reporter | Title | Published | Views | Family All 73 |
---|---|---|---|---|
Tenable Nessus | Fedora 35 : postgresql-jdbc (2022-cdeabe1bc0) | 23 Dec 202200:00 | – | nessus |
Tenable Nessus | SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2022:3613-1) | 19 Oct 202200:00 | – | nessus |
Tenable Nessus | Debian DLA-3140-1 : libpgjava - LTS security update | 8 Oct 202200:00 | – | nessus |
Tenable Nessus | FreeBSD : puppetdb -- Potential SQL injection (aeb4c85b-3600-11ed-b52d-589cfc007716) | 16 Sep 202200:00 | – | nessus |
Tenable Nessus | SUSE SLES12 Security Update : postgresql-jdbc (SUSE-SU-2022:3541-1) | 7 Oct 202200:00 | – | nessus |
Tenable Nessus | SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2022:3537-1) | 7 Oct 202200:00 | – | nessus |
Tenable Nessus | RHEL 8 : jdbc-postgresql (Unpatched Vulnerability) | 3 Jun 202400:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-2803) | 8 Dec 202200:00 | – | nessus |
Tenable Nessus | CentOS 9 : postgresql-jdbc-42.2.18-6.el9 | 29 Feb 202400:00 | – | nessus |
Tenable Nessus | AlmaLinux 9 : postgresql-jdbc (ALSA-2023:0318) | 25 Jan 202300:00 | – | nessus |
Source | Link |
---|---|
wiki | www.wiki.debian.org/LTS |
debian | www.debian.org/lts/security/2022/DLA-3140-1 |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.893140");
script_cve_id("CVE-2022-31197");
script_tag(name:"creation_date", value:"2022-10-09 01:00:08 +0000 (Sun, 09 Oct 2022)");
script_version("2024-02-02T05:06:08+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-09 17:12:47 +0000 (Tue, 09 Aug 2022)");
script_name("Debian: Security Advisory (DLA-3140-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB10");
script_xref(name:"Advisory-ID", value:"DLA-3140-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2022/DLA-3140-1");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'libpgjava' package(s) announced via the DLA-3140-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that there was a potential SQL injection vulnerability in libpgjava, a Java library for connecting to PostgreSQL databases.
A malicious user could have crafted a schema that caused an application to execute commands as a privileged user due to the lack of escaping of column names in some operations.
CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `,`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.
For Debian 10 Buster, these problems have been fixed in version 42.2.5-2+deb10u2.
We recommend that you upgrade your libpgjava packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'libpgjava' package(s) on Debian 10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB10") {
if(!isnull(res = isdpkgvuln(pkg:"libpostgresql-jdbc-java", ver:"42.2.5-2+deb10u2", rls:"DEB10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpostgresql-jdbc-java-doc", ver:"42.2.5-2+deb10u2", rls:"DEB10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo