PostgreSQL Single Quote Escaping Filter Bypass

2006-05-24T06:49:10
ID OSVDB:25731
Type osvdb
Reporter OSVDB
Modified 2006-05-24T06:49:10

Description

Vulnerability Description

PostgreSQL contains a flaw that may allow a malicious user to bypass security restrictions and execute arbitrary SQL commands. The issue is triggered due to an error when escaping ASCII single quote "'" characters (by turning them into "\'") and operating in multibyte encodings (e.g. SJIS, BIG5, GBK, GB18030, or UHC) that allow using the "0x5c" ASCII code (backslash) as the trailing byte of a multibyte character. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 7.3.15, 7.4.13, 8.0.8, 8.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PostgreSQL contains a flaw that may allow a malicious user to bypass security restrictions and execute arbitrary SQL commands. The issue is triggered due to an error when escaping ASCII single quote "'" characters (by turning them into "\'") and operating in multibyte encodings (e.g. SJIS, BIG5, GBK, GB18030, or UHC) that allow using the "0x5c" ASCII code (backslash) as the trailing byte of a multibyte character. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality and integrity.

References:

Vendor URL: http://www.logicalware.org/ Vendor Specific News/Changelog Entry: http://www.postgresql.org/docs/techdocs.52 Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1494281&group_id=85788&atid=577305 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:21001 Secunia Advisory ID:21749 Secunia Advisory ID:20232 Secunia Advisory ID:20435 Secunia Advisory ID:20503 Secunia Advisory ID:20782 Secunia Advisory ID:20231 Secunia Advisory ID:20314 Secunia Advisory ID:20451 Secunia Advisory ID:20303 Secunia Advisory ID:20555 Secunia Advisory ID:20653 Related OSVDB ID: 25730 RedHat RHSA: RHSA-2006:0526 Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:098 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200607-04.xml Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0001.html Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0584.html Mail List Post: http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php Keyword: rPath Security Advisory: 2006-0080-1 FrSIRT Advisory: ADV-2006-1941 CVE-2006-2314