Privilege escalation in postgresql (Alpine package)

1) Privilege escalation

EUVDB-ID: #VU10810

Risk: Low

CVSSv4.0: 7.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]

CVE-ID: CVE-2018-1058

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the pg_dump function due to improper security restrictions. A local attacker can submit a malicious function in separate namespaces and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

postgresql (Alpine package): 9.4.11-r0 - 9.5.11-r0

CPE2.3

• cpe:2.3:o:alpine:postgresql_alpine_package:9.4.11-r0:*:*:*:*:alpine_linux:*:3.2
• cpe:2.3:o:alpine:postgresql_alpine_package:9.4.12-r0:*:*:*:*:alpine_linux:*:3.2
• cpe:2.3:o:alpine:postgresql_alpine_package:9.4.13-r0:*:*:*:*:alpine_linux:*:3.2

External links

https://git.alpinelinux.org/aports/commit/?id=5600c80ab97b0bed725ec1c24f981a765e54593b
https://git.alpinelinux.org/aports/commit/?id=c2110f5a7667d71596172fb142d3a573bb958c83
https://git.alpinelinux.org/aports/commit/?id=2b95c8929982c3ff86b48ffe921cf9ddff6aeebd
https://git.alpinelinux.org/aports/commit/?id=5f580c412de14f7329bf77293a1c8bbce8a74d48
https://git.alpinelinux.org/aports/commit/?id=a45f08a77099d6808f80e50d6dbc853fcd710cdb
https://git.alpinelinux.org/aports/commit/?id=624b75626de3a26e8b8af8fb50e6923d00562d04
https://git.alpinelinux.org/aports/commit/?id=311beaa3b05e1d5dfd1a3eedff4315f03ec9cc3e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.