SecurityTracker.com
Category:   Application (Database)  >   PostgreSQL
Vendors:   postgresql.org
PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035005
SecurityTracker URL:  http://securitytracker.com/id/1035005
CVE Reference:   CVE-2016-0766, CVE-2016-0773
Date:  Feb 11 2016
Impact:   Denial of service via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.1, 9.2, 9.3, 9.4, 9.5
Description:   Two vulnerabilities were reported in PostgreSQL. A remote user can cause the target service to crash. A remote authenticated user can gain elevated privileges.

A remote user can supply specially crafted data containing regular expressions with out-of-range Unicode characters to cause the target backend service to enter an infinite loop or crash [CVE-2016-0773].

A remote authenticated user without database superuser privileges can modify certain custom configuration settings (GUCs) for PL/Java [CVE-2016-0766].

Impact:   A remote user can cause the target service to enter an infinite loop or crash.

A remote authenticated user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix (9.1.20, 9.2.15, 9.3.11, 9.4.6, 9.5.1).

The vendor's advisory is available at:

http://www.postgresql.org/about/news/1644/

Vendor URL:  www.postgresql.org/about/news/1644/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 11 2016 (Ubuntu Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Mar 2 2016 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Mar 2 2016 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 2 2016 (CentOS Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
CentOS has issued a fix for CentOS 6 and 7.
Mar 2 2016 (Oracle Issues Fix for Oracle Linux) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Oracle has issued a fix for Oracle Linux 7.
Mar 3 2016 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Red Hat has issued a fix for postgresql92 for Red Hat Enterprise Linux 6, 6.6, 6.7, 7, 7.1, and 7.2.
Mar 3 2016 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Red Hat has issued a fix for postgresql94 for Red Hat Enterprise Linux 6, 6.6, 6.7, 7, 7.1, and 7.2.
Mar 3 2016 (Oracle Issues Fix for Oracle Linux) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Oracle has issued a fix for Oracle Linux 6.
May 12 2016 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges
Red Hat has issued a fix for postgresql92 for Red Hat Enterprise Linux 6.


