Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)

🗓️ 09 Nov 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 23 Views

Huawei EulerOS: Security Advisory for PostgreSQL SQL Injection, User ID Change, Schema Element (EulerOS-SA-2023-3146). The remote host is missing an update for the Huawei EulerOS 'postgresql' package(s) announced via the EulerOS-SA-2023-3146 advisory

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2023-3146)
16 Jan 202400:00
nessus
Tenable Nessus		SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2023:2202-1)
16 May 202300:00
nessus
Tenable Nessus		SUSE SLES15 / openSUSE 15 Security Update : postgresql13 (SUSE-SU-2023:2219-1)
17 May 202300:00
nessus
Tenable Nessus		Debian DSA-5401-1 : postgresql-13 - security update
14 May 202300:00
nessus
Tenable Nessus		Rocky Linux 9 : postgresql:15 (RLSA-2023:4327)
8 Aug 202300:00
nessus
Tenable Nessus		Rocky Linux 9 : postgresql (RLSA-2023:3714)
31 Aug 202300:00
nessus
Tenable Nessus		RHEL 7 : rh-postgresql12-postgresql (RHSA-2023:4313)
27 Jul 202300:00
nessus
Tenable Nessus		PostgreSQL 11.x < 11.20 / 12.x < 12.15 / 13.x < 13.11 / 14.x < 14.8 / 15.x < 15.3 Multiple Vulnerabilities
14 May 202300:00
nessus
Tenable Nessus		Rocky Linux 8 : postgresql:13 (RLSA-2023:4527)
6 Oct 202300:00
nessus
Tenable Nessus		AlmaLinux 8 : postgresql:10 (ALSA-2023:4539)
9 Aug 202300:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3146");
  script_cve_id("CVE-2023-2454", "CVE-2023-2455", "CVE-2023-39417");
  script_tag(name:"creation_date", value:"2023-11-09 04:28:52 +0000 (Thu, 09 Nov 2023)");
  script_version("2024-02-05T14:36:57+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-08-18 17:58:49 +0000 (Fri, 18 Aug 2023)");

  script_name("Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP8");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3146");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3146");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'postgresql' package(s) announced via the EulerOS-SA-2023-3146 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ''). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.(CVE-2023-39417)

Row security policies disregard user ID changes after inlining, PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.(CVE-2023-2455)

schema_element defeats protective search_path changes, It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.(CVE-2023-2454)");

  script_tag(name:"affected", value:"'postgresql' package(s) on Huawei EulerOS V2.0SP8.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP8") {

  if(!isnull(res = isrpmvuln(pkg:"postgresql", rpm:"postgresql~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-plperl", rpm:"postgresql-plperl~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-plpython", rpm:"postgresql-plpython~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-pltcl", rpm:"postgresql-pltcl~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~10.5~3.h20.eulerosv2r8", rls:"EULEROS-2.0SP8"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Nov 2023 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS37.5 - 8.8
EPSS0.00509
SSVC
huawei eulerossecurity advisorypostgresqlsql injectionuser id changeschema elementcve-2023-39417cve-2023-2455cve-2023-2454vendorfixpackage
23
.json
Report