SecurityTracker.com
Category:   Device (Embedded Server/Appliance)  >   Juniper Security Threat Response Manager
Vendors:   Juniper
(Juniper Issues Fix for Juniper Security Threat Response Manager) PostgreSQL Bugs Let Remote Authenticated Users Execute Arbitrary Code, Gain Elevated Privileges, and Conduct Denial of Service Attacks
SecurityTracker Alert ID:  1037926
SecurityTracker URL:  http://securitytracker.com/id/1037926
CVE Reference:   CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
Date:  Mar 1 2017
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in PostgreSQL. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can obtain elevated privileges on the target system. A remote authenticated user can cause denial of service conditions. Juniper Security Threat Response Manager is affected.

A remote authenticated user without the 'ADMIN' role can remove a target user from an SQL role [CVE-2014-0060].

A remote authenticated user can exploit a flaw in the procedural languages validator functions to gain elevated privileges [CVE-2014-0061].

A remote authenticated user can exploit a race condition in the CREATE INDEX command when performing multiple independent lookups of a table to be indexed to gain elevated privileges [CVE-2014-0062].

A remote authenticated user can trigger a stack overflow in the date/time implementation to execute arbitrary code on the target system with the privileges of the postgresql user [CVE-2014-0063].

A remote authenticated user can trigger an integer overflow in various type input functions to execute arbitrary code on the target system with the privileges of the postgresql user [CVE-2014-0064].

A remote authenticated user can trigger a buffer overflow to execute arbitrary code on the target system with the privileges of the postgresql user [CVE-2014-0065].

A remote authenticated user can exploit a flaw in the chkpass function to trigger a null pointer dereference and cause PostgreSQL to crash [CVE-2014-0066].

Noah Misch, Heikki Linnakangas, Peter Eisentraut, Jozef Mlich, Andres Freund, Robert Haas, Honza Horak, and Bruce Momjian reported these vulnerabilities.

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can obtain elevated privileges on the target system.

A remote authenticated user can cause denial of service conditions.

Solution:   Juniper has issued a fix for Juniper Security Threat Response Manager.

The Juniper advisory is available at:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10643

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10643
Cause:   Access control error, Boundary error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Feb 26 2014 PostgreSQL Bugs Let Remote Authenticated Users Execute Arbitrary Code, Gain Elevated Privileges, and Conduct Denial of Service Attacks




Copyright 2017, SecurityGlobal.net LLC