SB2019080820 - Multiple vulnerabilities in PostgreSQL
Published: August 8, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10208)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.
2) Information disclosure (CVE-ID: CVE-2019-10209)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to way PostgreSQL processes user-defined hash equality operators. A remote attacker can under certain circumstances read arbitrary bytes from server memory.
Note, exploitation of this vulnerability requires a superuser to create unusual operators.
3) Unprotected storage of credentials (CVE-ID: CVE-2019-10210)
4) Untrusted search path (CVE-ID: CVE-2019-10211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to EnterpriseDB Windows installer bundles an OpenSSL library that tries to load configuration from a hard-coded location on the system. This location usually does not exists, therefore an attacker can create a folder, place malicious configuration file in it and execute the configuration.
Remediation
Install update from vendor's website.