#VU9167 Security restrictions bypass in PostgreSQL - CVE-2017-15099


Vulnerability identifier: #VU9167

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-15099

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software

Vendor: PostgreSQL Global Development Group

Description
The vulnerability allows a remote attacker to bypass security restrictions on a targeted system.

The weakness exists due to improper security restrictions in the case of an arbiter specified by constraint name. A remote attacker can submit specially crafted INSERT requests and bypass security controls on the update path of 'INSERT ... ON CONFLICT DO UPDATE' function to conduct further attacks.

Mitigation
Update to version 9.6.6.

Vulnerable software versions

PostgreSQL: 9.4.0 - 9.4.13, 9.5.0 - 9.5.8, 9.6.0 - 9.6.5

External links
https://www.postgresql.org/docs/current/static/release-9-6-6.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for PostgreSQL
Red Hat update for PostgreSQL
openSUSE update for postgresql95
Amazon Linux AMI update for postgresql95, postgresql96
Security restrictions bypass in postgresql (Alpine package)
Ubuntu update for PostgreSQL
Arch Linux update for postgresql
Arch Linux update for postgresql-old-upgrade
Multiple vulnerabilities in PostgreSQL
Debian update for postgresql-9.6