#VU315 Disclosure of user information in PostgreSQL and Oracle Linux - CVE-2016-5424


| Updated: 2018-11-22

Vulnerability identifier: #VU315

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-5424

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software
Oracle Linux
Operating systems & Components / Operating system

Vendor: PostgreSQL Global Development Group
Oracle

Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in PostgreSQL. A remote authenticated attacker with CREATEDB or CREATEROLE roles can gain elevated privileges on the target system by creating a specially crafted object name containing newlines, carriage returns, double quotes, or backslashes.

Successful exploitation of this vulnerability may result in disclosure of user information.

Mitigation
Install the following versions: (9.1.23, 9.2.18, 9.3.14, 9.4.9, 9.5.4).

Vulnerable software versions

PostgreSQL: 9.1

Oracle Linux: 7

External links
https://www.postgresql.org/about/news/1688/
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for rh-postgresql95-postgresql
OpenSUSE Linux update for postgresql93
Gentoo update for PostgreSQL
OpenSUSE Linux update for postgresql94
OpenSUSE Linux update for postgresql93
SUSE Linux update for postgresql94
SUSE Linux update for postgresql94
SUSE Linux update for postgresql93
Amazon Linux AMI update for postgresql92, postgresql93, postgresql94
Ubuntu update for PostgreSQL