All the vulnerabilites related to Red Hat, Inc. - postgresql
cve-2017-15099
Vulnerability from cvelistv5
Published
2017-11-22 18:00
Modified
2024-09-16 16:43
Severity ?
EPSS score ?
Summary
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101781 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2018:2511 | vendor-advisory, x_refsource_REDHAT | |
https://www.postgresql.org/support/security/ | x_refsource_MISC | |
http://www.securitytracker.com/id/1039752 | vdb-entry, x_refsource_SECTRACK | |
https://www.postgresql.org/about/news/1801/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2566 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2017/dsa-4028 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
▼ | Vendor | Product |
---|---|---|
Red Hat, Inc. | postgresql |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:50:16.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101781", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101781" }, { "name": "RHSA-2018:2511", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "postgresql", "vendor": "Red Hat, Inc.", "versions": [ { "status": "affected", "version": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10" } ] } ], "datePublic": "2017-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "101781", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101781" }, { "name": "RHSA-2018:2511", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4028" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-11-09T00:00:00", "ID": "CVE-2017-15099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "postgresql", "version": { "version_data": [ { "version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10" } ] } } ] }, "vendor_name": "Red Hat, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "101781", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101781" }, { "name": "RHSA-2018:2511", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "name": "https://www.postgresql.org/support/security/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039752" }, { "name": "https://www.postgresql.org/about/news/1801/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4028" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15099", "datePublished": "2017-11-22T18:00:00Z", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-09-16T16:43:27.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12172
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:3402 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/101949 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:3403 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:3405 | vendor-advisory, x_refsource_REDHAT | |
https://www.postgresql.org/support/security/ | x_refsource_MISC | |
http://www.securitytracker.com/id/1039752 | vdb-entry, x_refsource_SECTRACK | |
https://www.postgresql.org/about/news/1801/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:3404 | vendor-advisory, x_refsource_REDHAT |
Impacted products
▼ | Vendor | Product |
---|---|---|
Red Hat, Inc. | postgresql |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3402", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3402" }, { "name": "101949", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101949" }, { "name": "RHSA-2017:3403", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3403" }, { "name": "RHSA-2017:3405", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3405" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2017:3404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3404" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "postgresql", "vendor": "Red Hat, Inc.", "versions": [ { "status": "affected", "version": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24" } ] } ], "datePublic": "2017-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2017:3402", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3402" }, { "name": "101949", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101949" }, { "name": "RHSA-2017:3403", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3403" }, { "name": "RHSA-2017:3405", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3405" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2017:3404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3404" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-11-09T00:00:00", "ID": "CVE-2017-12172", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "postgresql", "version": { "version_data": [ { "version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24" } ] } } ] }, "vendor_name": "Red Hat, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-59" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3402", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3402" }, { "name": "101949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101949" }, { "name": "RHSA-2017:3403", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3403" }, { "name": "RHSA-2017:3405", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3405" }, { "name": "https://www.postgresql.org/support/security/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039752" }, { "name": "https://www.postgresql.org/about/news/1801/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2017:3404", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3404" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12172", "datePublished": "2017-11-22T19:00:00Z", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-09-16T22:20:22.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15098
Vulnerability from cvelistv5
Published
2017-11-22 17:00
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101781 | vdb-entry, x_refsource_BID | |
https://www.debian.org/security/2017/dsa-4027 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:2511 | vendor-advisory, x_refsource_REDHAT | |
https://www.postgresql.org/support/security/ | x_refsource_MISC | |
http://www.securitytracker.com/id/1039752 | vdb-entry, x_refsource_SECTRACK | |
https://www.postgresql.org/about/news/1801/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2566 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2017/dsa-4028 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
▼ | Vendor | Product |
---|---|---|
Red Hat, Inc. | postgresql |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:50:14.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101781", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101781" }, { "name": "DSA-4027", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4027" }, { "name": "RHSA-2018:2511", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "postgresql", "vendor": "Red Hat, Inc.", "versions": [ { "status": "affected", "version": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20" } ] } ], "datePublic": "2017-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "101781", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101781" }, { "name": "DSA-4027", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4027" }, { "name": "RHSA-2018:2511", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4028" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-11-09T00:00:00", "ID": "CVE-2017-15098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "postgresql", "version": { "version_data": [ { "version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20" } ] } } ] }, "vendor_name": "Red Hat, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "101781", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101781" }, { "name": "DSA-4027", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4027" }, { "name": "RHSA-2018:2511", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2511" }, { "name": "https://www.postgresql.org/support/security/", "refsource": "MISC", "url": "https://www.postgresql.org/support/security/" }, { "name": "1039752", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039752" }, { "name": "https://www.postgresql.org/about/news/1801/", "refsource": "CONFIRM", "url": "https://www.postgresql.org/about/news/1801/" }, { "name": "RHSA-2018:2566", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2566" }, { "name": "DSA-4028", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4028" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15098", "datePublished": "2017-11-22T17:00:00Z", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-09-16T23:10:51.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }