Rapid7 Vulnerability & Exploit Database

RHSA-2010:0429: postgresql security update

Severity: 9
CVSS: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published: 05/19/2010
Created: 07/25/2018
Added: 05/28/2010
Modified: 07/04/2017

Description

PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially-crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially-crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes: http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
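
A triage sketch for the description above, added here as an example and not part of the advisory or of any Rapid7 or Red Hat tooling: it takes the text returned by `SELECT version()` and the `lanname` values from `pg_language` for one database, and lists which of this advisory's CVEs still apply. The function names and the sample banners are assumptions constructed for illustration; branches other than 8.1 are reported as not covered because the page names only 8.1.21.

```python
import re

FIXED = (8, 1, 21)  # version the advisory's packages upgrade to

# CVE -> trusted procedural language that must be registered in the
# database for the flaw to be reachable (None = no such precondition).
CVE_PRECONDITION = {
    "CVE-2010-1169": "plperl",
    "CVE-2010-1170": "pltcl",
    "CVE-2010-0442": None,
    "CVE-2010-0733": None,
    "CVE-2009-4136": None,
}


def parse_version(banner):
    """Extract (major, minor, patch) from SELECT version() output."""
    m = re.match(r"PostgreSQL (\d+)\.(\d+)\.(\d+)\b", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return tuple(int(part) for part in m.groups())


def triage(banner, languages):
    """Return the sorted CVEs from this advisory that apply to one database.

    banner    -- text returned by SELECT version()
    languages -- lanname values from pg_language for that database
    Returns None for branches other than 8.1 (not covered by the page).
    """
    version = parse_version(banner)
    if version[:2] != FIXED[:2]:
        return None
    if version >= FIXED:
        return []
    registered = {name.lower() for name in languages}
    return sorted(cve for cve, lang in CVE_PRECONDITION.items()
                  if lang is None or lang in registered)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real server.
    old = "PostgreSQL 8.1.18 on x86_64-redhat-linux-gnu, compiled by GCC"
    new = "PostgreSQL 8.1.21 on x86_64-redhat-linux-gnu, compiled by GCC"
    print(triage(old, ["internal", "c", "sql", "plpgsql", "plperl"]))
    print(triage(new, ["plperl", "pltcl"]))
```

The untrusted variants `plperlu` and `pltclu` are deliberately not matched, since the two language flaws concern bypassing trusted mode.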

Solution(s)

  • redhat-upgrade-postgresql
  • redhat-upgrade-postgresql-contrib
  • redhat-upgrade-postgresql-devel
  • redhat-upgrade-postgresql-docs
  • redhat-upgrade-postgresql-libs
  • redhat-upgrade-postgresql-pl
  • redhat-upgrade-postgresql-python
  • redhat-upgrade-postgresql-server
  • redhat-upgrade-postgresql-tcl
  • redhat-upgrade-postgresql-test
