
U-112: PostgreSQL Bugs Let Remote Authenticated Users Gain Elevated Privileges, Inject SQL Commands, and Spoof Certificates

February 28, 2012 - 8:45am


PROBLEM:

A vulnerability was reported in PostgreSQL.

PLATFORM:

Version(s): prior to 8.3.18, 8.4.11, 9.0.7, 9.1.3

ABSTRACT:

A remote authenticated user can gain elevated privileges. A remote authenticated user can inject SQL commands. A remote user can spoof connections in certain cases.

REFERENCE LINKS:

Vendor Advisory
Security Tracker ID 1026744
CVE-2012-0866

IMPACT ASSESSMENT:

Medium

Discussion:

For trigger functions marked SECURITY DEFINER, a remote authenticated user can execute a trigger function and gain elevated privileges (CVE-2012-0866).

A remote user can supply a certificate with a specially crafted common name to trigger a host name validation flaw and potentially spoof an arbitrary host (CVE-2012-0867). Version 8.3.x is not affected.

The pg_dump utility does not properly validate user-supplied input (CVE-2012-0868). A remote authenticated user can create a specially crafted object name containing a newline character to potentially execute SQL commands on the underlying database when a dump file is opened.

Impact:

A remote authenticated user can execute certain functions on the target system. A remote authenticated user can execute SQL commands on the underlying database. A remote user can spoof connections in certain cases.

Solution:

The vendor has issued a fix (8.3.18, 8.4.11, 9.0.7, 9.1.3).
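
The following catalog audit is an added example, not part of the vendor advisory. It reports the server version, lists trigger functions marked SECURITY DEFINER (CVE-2012-0866), and lists object names containing a newline (CVE-2012-0868). It assumes a superuser session and must be run in each database; the catalogs checked for names are a common subset, not an exhaustive list.

```sql
-- Added audit example for the issues described in this bulletin.

-- 1. Server version, to compare against the fixed releases
--    (8.3.18, 8.4.11, 9.0.7, 9.1.3).
SELECT version();

-- 2. Trigger functions marked SECURITY DEFINER (CVE-2012-0866).
--    Review who owns each one and whether it needs definer rights.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND p.prorettype = 'pg_catalog.trigger'::regtype
ORDER BY 1, 2;

-- 3. Object names containing a newline (CVE-2012-0868).
--    Carriage return is also flagged as a conservative extra check.
SELECT kind, schema_name, object_name
FROM (
    SELECT 'relation'::text AS kind,
           n.nspname::text  AS schema_name,
           c.relname::text  AS object_name
    FROM pg_class c
    JOIN pg_namespace n ON n.oid = c.relnamespace
    UNION ALL
    SELECT 'function'::text, n.nspname::text, p.proname::text
    FROM pg_proc p
    JOIN pg_namespace n ON n.oid = p.pronamespace
    UNION ALL
    SELECT 'schema'::text, NULL::text, nspname::text
    FROM pg_namespace
    UNION ALL
    SELECT 'role'::text, NULL::text, rolname::text
    FROM pg_roles
) AS names
WHERE strpos(object_name, chr(10)) > 0
   OR strpos(object_name, chr(13)) > 0
ORDER BY kind, schema_name, object_name;
```

Any row returned by the third query should be renamed or investigated before a dump of that database is restored or opened on an unpatched installation.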
