Some vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) An error when handling roles can be exploited to revoke access from other role members.
2) Multiple errors when handling calls to PL validator functions can be exploited to access otherwise restricted functionality.
3) Some errors when handling name lookups can be exploited to cause the permissions checks to be performed against a different table and subsequently perform otherwise restricted operations.
4) Some boundary errors when handling wide datetime input/output can be exploited to cause buffer overflows.
5) Some integer overflow errors can be exploited to cause buffer overflows.
Successful exploitation of vulnerabilities #4 and #5 may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20.
Solution: Update to version 9.3.3, 9.2.7, 9.1.12, 9.0.16, or 8.4.20.
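A version triage check built from the fixed releases listed above, as an added example that is not part of the original advisory or of PostgreSQL. It assumes version strings collected with `SELECT version()`, `SHOW server_version` or `SHOW server_version_num`; the function names, host names and banners are hypothetical or constructed.

```python
import re

# Fixed release per branch, copied from the advisory's Solution line.
FIXED = {(9, 3): 3, (9, 2): 7, (9, 1): 12, (9, 0): 16, (8, 4): 20}

# Finds "9.2.4" or "9.3" inside a banner like "PostgreSQL 9.2.4 on x86_64-..."
_DOTTED = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(?![\d.])")


def parse_version(text):
    """Return (major, minor, patch) or None. Hypothetical helper."""
    text = text.strip()
    if text.isdigit() and len(text) in (5, 6):
        # server_version_num form, e.g. 90204 for 9.2.4
        num = int(text)
        return num // 10000, num // 100 % 100, num % 100
    match = _DOTTED.search(text)
    if not match:
        return None
    # No patch component ("9.3", "9.3beta2") predates every 9.3.x release.
    return int(match.group(1)), int(match.group(2)), int(match.group(3) or 0)


def classify(text):
    """Return 'affected', 'fixed', 'unlisted-branch' or 'unparsed'."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    fixed_patch = FIXED.get(version[:2])
    if fixed_patch is None:
        # The advisory names no fixed release for this branch.
        return "unlisted-branch"
    return "affected" if version[2] < fixed_patch else "fixed"


# Constructed inventory: host names and banners are sample data.
SAMPLE = {
    "db-a": "PostgreSQL 9.2.4 on x86_64-unknown-linux-gnu, 64-bit",
    "db-b": "9.3.3",
    "db-c": "80419",
    "db-d": "9.3beta2",
    "db-e": "8.3.23",
}

if __name__ == "__main__":
    for host, banner in SAMPLE.items():
        print(f"{host}: {classify(banner)}")
```

Hosts reported as `unlisted-branch` run a release line for which this advisory names no fixed version, so they need separate review rather than a pass.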
Provided and/or discovered by: The vendor credits:
1) Jonas Sundman and Noah Misch.
2, 3) Andres Freund.
4) Daniel Schuessler.
5) Noah Misch and Heikki Linnakangas.
Original Advisory: http://www.postgresql.org/about/news/1506/