PostgreSQL Bugs Let Remote Authenticated Users Access and Modify Data and Obtain Potentially Sensitive Information
|
|
SecurityTracker Alert ID: 1035468 |
|
SecurityTracker URL: http://securitytracker.com/id/1035468
|
|
CVE Reference:
CVE-2016-2193, CVE-2016-3065
(Links to External Site)
|
Date: Apr 4 2016
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 9.5.x, prior to 9.5.2
|
Description:
Two vulnerabilities were reported in PostgreSQL. A remote authenticated user can access and modify data on the target system. A remote authenticated user can obtain potentially sensitive information on the target system.
A remote authenticated user can cause a query plan to be reused for a different role within a session to bypass the intended Row Level Security (RLS) policy and access or modify data on the target system.
Databases that have used 'CREATE POLICY' to define a row security policy are affected.
Ashutosh Bapat reported this vulnerability.
A remote authenticated user can invoke pageinspect with BRIN index pages to trigger a server crash and obtain potentially sensitive information from server memory on the target system [CVE-2016-3065].
Databases that have used 'CREATE EXTENSION pageinspect' are affected.
Andreas Seltenreich reported this vulnerability.
|
Impact:
A remote authenticated user can access and modify data on the target system.
A remote authenticated user can obtain potentially sensitive information on the target system.
|
Solution:
The vendor has issued a fix (9.5.2).
The vendor's advisory is available at:
http://www.postgresql.org/about/news/1656/
|
Vendor URL: www.postgresql.org/about/news/1656/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
