VuXML ID | Description |
07234e78-e899-11e1-b38d-0023ae8e59f0 | databases/postgresql*-server -- multiple vulnerabilities
The PostgreSQL Global Development Group reports:
The PostgreSQL Global Development Group today released
security updates for all active branches of the PostgreSQL
database system, including versions 9.1.5, 9.0.9, 8.4.13 and
8.3.20. This update patches security holes associated with
libxml2 and libxslt, similar to those affecting other open
source projects. All users are urged to update their
installations at the first available opportunity.
Users who are relying on the built-in XML functionality to
validate external DTDs will need to implement a workaround, as
this security patch disables that functionality. Users who are
using xslt_process() to fetch documents or stylesheets from
external URLs will no longer be able to do so. The PostgreSQL
project regrets the need to disable both of these features in
order to maintain our security standards. These security issues
with XML are substantially similar to issues patched recently
by the WebKit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5
(CVE-2012-0057) projects.
Discovery 2012-08-17 Entry 2012-08-17 postgresql-server
gt 8.3.* lt 8.3.20
gt 8.4.* lt 8.4.13
gt 9.0.* lt 9.0.9
gt 9.1.* lt 9.1.5
CVE-2012-3488
CVE-2012-3489
http://www.postgresql.org/about/news/1407/
|
0b2b4b4d-a07c-11da-be0a-000c6ec775d9 | postgresql81-server -- SET ROLE privilege escalation
The PostgreSQL team reports:
Due to inadequate validity checking, a user could exploit
the special case that SET ROLE normally uses to restore
the previous role setting after an error. This allowed
ordinary users to acquire superuser status, for
example.
Discovery 2006-02-14 Entry 2006-02-18 Modified 2006-08-13 postgresql-server
ge 8.1.0 lt 8.1.3
CVE-2006-0553
http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3
|
17f53c1d-2ae9-11db-a6e2-000e0c2e438a | postgresql -- encoding based SQL injection
The PostgreSQL development team reports:
An attacker able to submit crafted strings to an
application that will embed those strings in SQL commands
can use invalidly-encoded multibyte characters to bypass
standard string-escaping methods, resulting in possible
injection of hostile SQL commands into the database. The
attacks covered here work in any multibyte encoding.
The widely-used practice of escaping ASCII single quote
"'" by turning it into "\'" is unsafe when operating in
multibyte encodings that allow 0x5c (ASCII code for
backslash) as the trailing byte of a multibyte character;
this includes at least SJIS, BIG5, GBK, GB18030, and UHC.
An application that uses this conversion while embedding
untrusted strings in SQL commands is vulnerable to
SQL-injection attacks if it communicates with the server in
one of these encodings. While the standard client libraries
used with PostgreSQL have escaped "'" in the safe,
SQL-standard way of "''" for some time, the older practice
remains common.
Discovery 2006-05-11 Entry 2006-08-13 postgresql
postgresql-server
ja-postgresql
ge 7.3 lt 7.3.15
ge 7.4 lt 7.4.13
ge 8.0.0 lt 8.0.8
ge 8.1.0 lt 8.1.4
18092
CVE-2006-2313
CVE-2006-2314
http://www.postgresql.org/docs/techdocs.50
|
3f332f16-9b6b-11e2-8fe9-08002798f6ff | PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports:
The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.
A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.
Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).
Discovery 2013-04-04 Entry 2013-04-04 postgresql-server
ge 8.3.0 lt 8.3.21_1
ge 8.4.0 lt 8.4.17
ge 9.0.0 lt 9.0.13
ge 9.1.0 lt 9.1.9
ge 9.2.0 lt 9.2.4
CVE-2013-1899
CVE-2013-1900
CVE-2013-1901
|
42d42090-9a4d-11e3-b029-08002798f6ff | PostgreSQL -- multiple privilege issues
PostgreSQL Project reports:
This update fixes CVE-2014-0060, in which PostgreSQL did not
properly enforce the WITH ADMIN OPTION permission for ROLE management.
Before this fix, any member of a ROLE was able to grant others access
to the same ROLE regardless if the member was given the WITH ADMIN
OPTION permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
With this release, we are also alerting users to a known security hole
that allows other users on the same machine to gain access to an
operating system account while it is doing "make check":
CVE-2014-0067. "Make check" is normally part of building PostgreSQL
from source code. As it is not possible to fix this issue without
causing significant issues to our testing infrastructure, a patch will
be released separately and publicly. Until then, users are strongly
advised not to run "make check" on machines where untrusted users have
accounts.
Discovery 2014-02-20 Entry 2014-02-20 postgresql-server
lt 8.4.20
ge 9.0.0 lt 9.0.16
ge 9.1.0 lt 9.1.12
ge 9.2.0 lt 9.2.7
ge 9.3.0 lt 9.3.3
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066
CVE-2014-0067
|
51436b4c-1250-11dd-bab7-0016179b2dd5 | postgresql -- multiple vulnerabilities
The PostgreSQL developers report:
PostgreSQL allows users to create indexes on the results of
user-defined functions, known as "expression indexes". This provided
two vulnerabilities to privilege escalation: (1) index functions
were executed as the superuser and not the table owner during VACUUM
and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION
were permitted within index functions. Both of these holes have now
been closed.
PostgreSQL allowed malicious users to initiate a denial-of-service
by passing certain regular expressions in SQL queries. First, users
could create infinite loops using some specific regular expressions.
Second, certain complex regular expressions could consume excessive
amounts of memory. Third, out-of-range backref numbers could be used
to crash the backend.
DBLink functions combined with local trust or ident authentication
could be used by a malicious user to gain superuser privileges. This
issue has been fixed, and does not affect users who have not
installed DBLink (an optional module), or who are using password
authentication for local access. This same problem was addressed in
the previous release cycle, but that patch failed to close all forms
of the loophole.
Discovery 2008-01-06 Entry 2008-04-24 postgresql
postgresql-server
ge 7.3 lt 7.3.21
ge 7.4 lt 7.4.19
ge 8.0 lt 8.0.15
ge 8.1 lt 8.1.11
ge 8.2 lt 8.2.6
CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
27163
http://www.postgresql.org/about/news.905
|
5d425189-7a03-11d9-a9e7-0001020eed82 | postgresql -- privilege escalation vulnerability
John Heasman and others discovered that non-privileged users
could use the LOAD extension to load arbitrary
libraries into the postgres server process space. This
could be used by non-privileged local users to execute
arbitrary code with the privileges of the postgresql
server.
Discovery 2005-01-21 Entry 2005-02-08 postgresql
postgresql-server
ja-postgresql
lt 7.3.9
gt 7.4.* lt 7.4.7
gt 8.* lt 8.0.1
postgresql-devel
le 8.0.1,1
12411
CVE-2005-0227
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
|
65c8ecf9-2adb-11db-a6e2-000e0c2e438a | postgresql -- multiple vulnerabilities
Multiple vulnerabilities have been reported in various
versions of PostgreSQL:
- The EXECUTE restrictions can be bypassed by using the
AGGREGATE function, which is missing a permissions check.
- A buffer overflow exists in gram.y which could allow an
attacker to execute arbitrary code by sending a large
number of arguments to a refcursor function.
- The intagg contributed module allows an attacker to crash
the server (Denial of Service) by constructing a maliciously
crafted array.
Discovery 2005-02-01 Entry 2006-08-13 postgresql
postgresql-server
ja-postgresql
ge 7.2 lt 7.2.7
ge 7.3 lt 7.3.9
ge 7.4 lt 7.4.7
ge 8.0.0 lt 8.0.1
CVE-2005-0244
CVE-2005-0245
CVE-2005-0246
http://secunia.com/advisories/12948
|
6b4b0b3f-8127-11d9-a9e7-0001020eed82 | postgresql -- multiple buffer overflows in PL/PgSQL parser
The PL/PgSQL parser in postgresql is vulnerable to several
buffer overflows. These could be exploited by a remote
attacker to execute arbitrary code with the permissions of
the postgresql server by running a specially crafted
query.
Discovery 2005-02-07 Entry 2005-02-17 Modified 2005-02-19 postgresql
postgresql-server
ja-postgresql
lt 7.3.9_1
gt 7.4.* lt 7.4.7_1
gt 8.* lt 8.0.1_1
CVE-2005-0247
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
|
a8864f8f-aa9e-11e1-a284-0023ae8e59f0 | databases/postgresql*-server -- crypt vulnerabilities
The PostgreSQL Global Development Group reports:
Today the PHP, OpenBSD and FreeBSD communities announced updates to
patch a security hole involving their crypt() hashing algorithms. This
issue is described in CVE-2012-2143. This vulnerability also affects a
minority of PostgreSQL users, and will be fixed in an update release on
June 4, 2012.
Affected users are those who use the crypt(text, text) function
with DES encryption in the optional pg_crypto module. Passwords
affected are those that contain characters that cannot be
represented with 7-bit ASCII. If a password contains a character
that has the most significant bit set (0x80), and DES encryption
is used, that character and all characters after it will be ignored.
Discovery 2012-05-30 Entry 2012-05-30 Modified 2012-05-31 postgresql-server
gt 8.3.* lt 8.3.18_1
gt 8.4.* lt 8.4.11_1
gt 9.0.* lt 9.0.7_2
gt 9.1.* lt 9.1.3_1
gt 9.2.* lt 9.2.b1_1
CVE-2012-2143
http://www.postgresql.org/about/news/1397/
http://git.postgresql.org/gitweb/?p=postgresql.git;a=patch;h=932ded2ed51e8333852e370c7a6dad75d9f236f9
|
e050119b-3856-11df-b2b2-002170daae37 | postgresql -- bitsubstr overflow
BugTraq reports:
PostgreSQL is prone to a buffer-overflow
vulnerability because the application fails to
perform adequate boundary checks on user-supplied
data.
Attackers can exploit this issue to execute
arbitrary code with elevated privileges or
crash the affected application.
Discovery 2010-01-27 Entry 2010-03-25 postgresql-server
ge 7.4 lt 7.4.28
ge 8.0 lt 8.0.24
ge 8.1 lt 8.1.20
ge 8.2 lt 8.2.16
ge 8.3 lt 8.3.10
ge 8.4 lt 8.4.3
37973
CVE-2010-0442
|
e7bc5600-eaa0-11de-bd9c-00215c6a37bb | postgresql -- multiple vulnerabilities
PostgreSQL project reports:
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly handle a '\0' character
in a domain name in the subject's Common Name (CN) field of an
X.509 certificate, which (1) allows man-in-the-middle attackers
to spoof arbitrary SSL-based PostgreSQL servers via a crafted
server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended client-hostname
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly manage session-local
state during execution of an index function by a database
superuser, which allows remote authenticated users to gain
privileges via a table with crafted index functions, as
demonstrated by functions that modify (1) search_path or
(2) a prepared statement, a related issue to CVE-2007-6600
and CVE-2009-3230.
Discovery 2009-11-20 Entry 2009-12-17 postgresql-client
postgresql-server
ge 7.4 lt 7.4.27
ge 8.0 lt 8.0.23
ge 8.1 lt 8.1.19
ge 8.2 lt 8.2.15
ge 8.3 lt 8.3.9
ge 8.4 lt 8.4.2
CVE-2009-4034
CVE-2009-4136
|