SecurityTracker.com
Category:   Application (Database)  >   PostgreSQL
Vendors:   postgresql.org
PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
SecurityTracker Alert ID:  1041446
SecurityTracker URL:  http://securitytracker.com/id/1041446
CVE Reference:   CVE-2018-10915, CVE-2018-10925
Date:  Aug 14 2018
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in PostgreSQL. A remote authenticated user can obtain potentially sensitive information on the target system. A remote authenticated user can gain access to the target system.

A remote authenticated user can exploit a flaw in 'libpq' to gain access to other systems without authenticating to those systems [CVE-2018-10915].

Andrew Krasichkov reported this vulnerability.

A remote authenticated user who can issue a 'CREATE TABLE' command can execute a specially crafted 'upsert' command to read arbitrary portions of system memory [CVE-2018-10925].

Impact:   A remote authenticated user can obtain potentially sensitive information from system memory.

A remote authenticated user can gain access to the target system.

Solution:   The vendor has issued a fix (9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5).

The vendor advisory is available at:

https://www.postgresql.org/about/news/1878/
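
A version check against the fixed releases listed in the Solution above, as an added example (not part of the original advisory or of PostgreSQL). The host names and inventory strings are constructed; branches the advisory does not name are reported as unknown rather than guessed.

```python
import re

# Fixed minor release per branch, from the advisory's Solution line:
# 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5.
FIXED = {"9.3": 24, "9.4": 19, "9.5": 14, "9.6": 10, "10": 5}


def parse_version(text):
    """Return (branch, minor) from a version string, or None if undecidable.

    Before 10 the branch is the first two components (9.6) and the third is
    the minor release; from 10 on the branch is the first component alone.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    first, second, third = m.groups()
    if int(first) >= 10:
        return first, int(second)
    if third is None:  # e.g. "9.6" with no minor release given
        return None
    return f"{first}.{second}", int(third)


def assess(text):
    """Classify a version string as 'fixed', 'below_fix' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None or parsed[0] not in FIXED:
        return "unknown"  # unparseable, or branch not named in the advisory
    branch, minor = parsed
    return "fixed" if minor >= FIXED[branch] else "below_fix"


# Constructed inventory (hypothetical hosts), e.g. gathered from
# `SHOW server_version;` on servers or `psql --version` on clients.
INVENTORY = {
    "db-a": "9.6.9",
    "db-b": "10.5 (Ubuntu 10.5-0ubuntu0.18.04)",
    "app-c": "psql (PostgreSQL) 9.3.24",
    "db-d": "9.2.24",
}


def audit(inventory):
    """Map each host to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Distribution packages, such as the Ubuntu and Red Hat fixes listed in the message history, are versioned by the distributor, so check those against the distributor's own advisory rather than this table.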

Vendor URL:  www.postgresql.org/about/news/1878/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 16 2018 (Ubuntu Issues Fix) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 18.04 LTS.
Aug 20 2018 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Red Hat has issued a fix for Red Hat Enterprise Linux 6, 6.7, 7, 7.3, 7.4, and 7.5.
Aug 23 2018 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Aug 23 2018 (Oracle Issues Fix for Oracle Linux) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Oracle has issued a fix for Oracle Linux 7.
Aug 27 2018 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Red Hat has issued a fix for Red Hat Enterprise Linux 7, 7.3, 7.4, and 7.5.
Aug 27 2018 (Red Hat Issues Fix) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Red Hat has issued a fix for Red Hat Enterprise Linux 6, 6.7, 7, 7.3, 7.4, and 7.5.
Sep 4 2018 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) PostgreSQL Bugs Let Remote Authenticated Users Access Systems and Obtain Potentially Sensitive Information from System Memory
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 7.


