Permissions, Privileges, and Access Controls in PostgreSQL

Published: 2012-10-04 | Updated: 2020-07-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2012-3488
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	PostgreSQL Server applications / Database software
Vendor	PostgreSQL Global Development Group

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32769

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-3488

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to read and manipulate data.

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 8.3 - 8.3.19

CPE2.3

cpe:2.3:a:postgresql_global_development_group:postgresql:8.3.19:*:*:*:*:*:*:*

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
https://rhn.redhat.com/errata/RHSA-2012-1263.html
https://rhn.redhat.com/errata/RHSA-2012-1264.html
https://secunia.com/advisories/50635
https://secunia.com/advisories/50636
https://secunia.com/advisories/50718
https://secunia.com/advisories/50859
https://secunia.com/advisories/50946
https://www.debian.org/security/2012/dsa-2534
https://www.mandriva.com/security/advisories?name=MDVSA-2012:139
https://www.postgresql.org/about/news/1407/
https://www.postgresql.org/docs/8.3/static/release-8-3-20.html
https://www.postgresql.org/docs/8.4/static/release-8-4-13.html
https://www.postgresql.org/docs/9.0/static/release-9-0-9.html
https://www.postgresql.org/docs/9.1/static/release-9-1-5.html
https://www.postgresql.org/support/security/
https://www.securityfocus.com/bid/55072
https://www.ubuntu.com/usn/USN-1542-1
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
https://bugzilla.redhat.com/show_bug.cgi?id=849172

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.