SB2021052507 - Zoho ManageEngine OpManager update for PostgreSQL
Published: May 25, 2021
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2020-10733)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the Windows installer runs executables from uncontrolled directories. A local user can trick the victim into installing PostgreSQL from a directory that contains malicious files and execute arbitrary code on the system with elevated privileges.
Note: this vulnerability affects the Windows installer only.
2) SQL injection (CVE-ID: CVE-2020-25695)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
3) Improper access control (CVE-ID: CVE-2020-25694)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can perform a man-in-the-middle attack or observe clear-text transmissions and downgrade connection security settings.
4) Input validation error (CVE-ID: CVE-2020-25696)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the "\gset" meta-command does not distinguish variables that control psql behavior from other variables. A remote attacker can execute arbitrary code as the operating system account.
5) Untrusted search path (CVE-ID: CVE-2020-14349)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles search_path during replication. Users of a replication publisher or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser.
6) Untrusted search path (CVE-ID: CVE-2020-14350)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema or in a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.
7) Integer overflow (CVE-ID: CVE-2021-32027)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow when processing certain SQL array values during array subscript calculation. An authenticated database user can pass specially crafted data to the application, trigger the integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, and it can be exploited by a remote unauthenticated attacker via a SQL injection vulnerability in the frontend application.
8) Memory leak (CVE-ID: CVE-2021-32028)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to a memory leak within the INSERT ... ON CONFLICT ... DO UPDATE command implementation. A remote authenticated database user can execute the affected command to read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create the prerequisite objects and complete this attack at will.
9) Memory leak (CVE-ID: CVE-2021-32029)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to a memory leak when processing an UPDATE ... RETURNING command on a purpose-crafted partitioned table. A remote authenticated user can run the affected command and read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create the prerequisite objects and complete this attack at will.
Remediation
Install the update from the vendor's website.