Permissions, Privileges, and Access Controls in postgresql (Alpine package)

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32769

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-3488

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to read and manipulate data.

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Mitigation

Install update from vendor's website.

Vulnerable software versions

postgresql (Alpine package): 9.0.8-r0

CPE2.3

• cpe:2.3:a:alpine:postgresql_alpine_package:9.0.8-r0:*:*:*:*:alpine_linux:*:2.1

External links

https://git.alpinelinux.org/aports/commit/?id=f74a7e2ad3e172936c54f9a7a45c5a52e2a67fe2
https://git.alpinelinux.org/aports/commit/?id=f78420a1d1a6053c04ab7635ae72ec2537810a55
https://git.alpinelinux.org/aports/commit/?id=1c5310eff360085f33d17aad26ce9569a42419e7
https://git.alpinelinux.org/aports/commit/?id=cd8669403fa9d39f9b385aaee42d8da3d1db20ff

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.