CVE-2006-2314 - Unspecified vulnerability in PostgreSQL
Summary
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
Nessus
NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_17F53C1D2AE911DBA6E2000E0C2E438A.NASL
description | The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. The widely-used practice of escaping ASCII single quote
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 22208
published | 2006-08-14
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/22208
title | FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(22208);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:38");

  script_cve_id("CVE-2006-2313", "CVE-2006-2314");
  script_bugtraq_id(18092);

  script_name(english:"FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. The widely-used practice of escaping ASCII single quote ''' by turning it into '\'' is unsafe when operating in multibyte encodings that allow 0x5c (ASCII code for backslash) as the trailing byte of a multibyte character; this includes at least SJIS, BIG5, GBK, GB18030, and UHC. An application that uses this conversion while embedding untrusted strings in SQL commands is vulnerable to SQL-injection attacks if it communicates with the server in one of these encodings. While the standard client libraries used with PostgreSQL have escaped ''' in the safe, SQL-standard way of '''' for some time, the older practice remains common."
  );
  # http://www.postgresql.org/docs/techdocs.50
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/docs/techdocs.50/"
  );
  # https://vuxml.freebsd.org/freebsd/17f53c1d-2ae9-11db-a6e2-000e0c2e438a.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cc38503d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"postgresql>=7.3<7.3.15")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql>=7.4<7.4.13")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql>=8.0.0<8.0.8")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql>=8.1.0<8.1.4")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=7.3<7.3.15")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=7.4<7.4.13")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=8.0.0<8.0.8")) flag++;
if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=8.1.0<8.1.4")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ja-postgresql>=7.3<7.3.15")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ja-postgresql>=7.4<7.4.13")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ja-postgresql>=8.0.0<8.0.8")) flag++;
if (pkg_test(save_report:TRUE, pkg:"ja-postgresql>=8.1.0<8.1.4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2006-578.NASL
description | - Mon May 22 2006 Tom Lane <tgl at redhat.com> 8.1.4-1.FC5.1 - Update to PostgreSQL 8.1.4 (includes fixes for CVE-2006-2313, CVE-2006-2314; see bug #192173) - Update to PyGreSQL 3.8 - Update to jdbc driver build 406 - Suppress noise from chcon, per bug #187744 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24111
published | 2007-01-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24111
title | Fedora Core 5 : postgresql-8.1.4-1.FC5.1 (2006-578)
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2006-578.
#

include("compat.inc");

if (description)
{
  script_id(24111);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:24");

  script_xref(name:"FEDORA", value:"2006-578");

  script_name(english:"Fedora Core 5 : postgresql-8.1.4-1.FC5.1 (2006-578)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Mon May 22 2006 Tom Lane <tgl at redhat.com> 8.1.4-1.FC5.1 - Update to PostgreSQL 8.1.4 (includes fixes for CVE-2006-2313, CVE-2006-2314; see bug #192173) - Update to PyGreSQL 3.8 - Update to jdbc driver build 406 - Suppress noise from chcon, per bug #187744 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000115.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8dd501d1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"postgresql-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-contrib-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-debuginfo-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-devel-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-docs-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-jdbc-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-libs-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-pl-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-python-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-server-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-tcl-8.1.4-1.FC5.1")) flag++;
if (rpm_check(release:"FC5", reference:"postgresql-test-8.1.4-1.FC5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
}
```

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2006-579.NASL
description | - Mon May 22 2006 Tom Lane <tgl at redhat.com> 8.0.8-1.FC4.1 - Update to PostgreSQL 8.0.8 (includes fixes for CVE-2006-2313, CVE-2006-2314; see bug #192173) - Update to jdbc driver build 316 - Suppress noise from chcon, per bug #187744 - Repair extraneous quote in pgtcl configure script ... odd that bash didn
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24112
published | 2007-01-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24112
title | Fedora Core 4 : postgresql-8.0.8-1.FC4.1 (2006-579)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-288-3.NASL
description | USN-288-1 described a PostgreSQL client vulnerability in the way the >>
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27859
published | 2007-11-10
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27859
title | Ubuntu 5.04 / 5.10 / 6.06 LTS : dovecot, exim4, postfix vulnerabilities (USN-288-3)

NASL family | SuSE Local Security Checks
NASL id | SUSE_DOVECOT-1987.NASL
description | Dovecot might have been affected by the multibyte character set SQL injection issues for instance described in CVE-2006-2314. This patch fixes the MySQL and PostgreSQL backend to use the correct quoting methods when passing user-supplied strings.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27200
published | 2007-10-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27200
title | openSUSE 10 Security Update : dovecot (dovecot-1987)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2006-098.NASL
description | PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21670
published | 2006-06-08
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/21670
title | Mandrake Linux Security Advisory : postgresql (MDKSA-2006:098)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200607-04.NASL
description | The remote host is affected by the vulnerability described in GLSA-200607-04 (PostgreSQL: SQL injection) PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki. Impact : An attacker could execute arbitrary SQL statements on the PostgreSQL server. Be aware that web applications using PostgreSQL as a database back-end might be used to exploit this vulnerability. Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 22011
published | 2006-07-10
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/22011
title | GLSA-200607-04 : PostgreSQL: SQL injection

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1087.NASL
description | Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2313 Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data which could allow an attacker to inject arbitrary SQL commands. - CVE-2006-2314 A similar problem exists in client-side encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the backslash character. An attacker could supply a specially crafted byte sequence that is able to inject arbitrary SQL commands. This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings. psycopg and python-pgsql use the old encoding for binary data and may have to be updated. The old stable distribution (woody) is affected by these problems but we
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 22629
published | 2006-10-14
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/22629
title | Debian DSA-1087-1 : postgresql - programming error

NASL family | SuSE Local Security Checks
NASL id | SUSE_SA_2006_030.NASL
description | The remote host is missing the patch for the advisory SUSE-SA:2006:030 (postgresql). Two character set encoding related security problems were fixed in the PostgreSQL database server: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>
last seen | 2019-10-28
modified | 2006-06-16
plugin id | 21723
published | 2006-06-16
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/21723
title | SUSE-SA:2006:030: postgresql

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-0249.NASL
description | 1.7.11 : fbsql : - Fixed commit and rollback to specify the handle to be used. 1.7.10 : mysqli : - Added a type map for BIT fields. 1.7.9 : sybase : - Added divide by zero error mapping. - Added a specific quoteFloat() implementation along the same lines as fbsql. - Updated tableInfo() to cope with old versions of ASE that don
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27656
published | 2007-11-06
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27656
title | Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2006-0526.NASL
description | Updated postgresql packages that fix several security vulnerabilities are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A bug was found in the way PostgreSQL
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21905
published | 2006-07-03
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21905
title | CentOS 3 / 4 : postgresql (CESA-2006:0526)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2006-0526.NASL
description | Updated postgresql packages that fix several security vulnerabilities are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A bug was found in the way PostgreSQL
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21595
published | 2006-05-24
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21595
title | RHEL 3 / 4 : postgresql (RHSA-2006:0526)

NASL family | SuSE Local Security Checks
NASL id | SUSE_POSTGRESQL-1443.NASL
description | This update fixes a security problem that allowed attackers to inject SQL commands into queries (CVE-2006-2313, CVE-2006-2314).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27400
published | 2007-10-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27400
title | openSUSE 10 Security Update : postgresql (postgresql-1443)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-288-1.NASL
description | CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21613
published | 2006-05-29
reporter | Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/21613
title | Ubuntu 5.04 / 5.10 : postgresql-7.4/-8.0, postgresql, psycopg, (USN-288-1)

NASL family | SuSE Local Security Checks
NASL id | SUSE_POSTGRESQL-SERVER-1442.NASL
description | This update fixes a security problem that allowed attackers to inject SQL commands into queries (CVE-2006-2313, CVE-2006-2314).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27402
published | 2007-10-17
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27402
title | openSUSE 10 Security Update : postgresql-server (postgresql-server-1442)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-288-2.NASL
description | USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN : CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27858
published | 2007-11-10
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27858
title | Ubuntu 6.06 LTS : postgresql-8.1 vulnerabilities (USN-288-2)

Oval
accepted | 2013-04-29T04:23:33.201-04:00
class | vulnerability
contributors |
definition_extensions |
description | PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
family | unix
id | oval:org.mitre.oval:def:9947
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
version | 26
References
- http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php
- http://www.postgresql.org/docs/techdocs.50
- http://www.redhat.com/support/errata/RHSA-2006-0526.html
- http://secunia.com/advisories/20231
- http://secunia.com/advisories/20232
- http://www.securityfocus.com/bid/18092
- http://securitytracker.com/id?1016142
- http://secunia.com/advisories/20314
- http://www.debian.org/security/2006/dsa-1087
- http://www.trustix.org/errata/2006/0032/
- http://www.osvdb.org/25731
- http://secunia.com/advisories/20435
- http://secunia.com/advisories/20451
- http://secunia.com/advisories/20503
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html
- http://secunia.com/advisories/20555
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://secunia.com/advisories/20782
- http://www.ubuntu.com/usn/usn-288-2
- http://www.ubuntu.com/usn/usn-288-3
- http://security.gentoo.org/glsa/glsa-200607-04.xml
- http://secunia.com/advisories/21001
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://secunia.com/advisories/21749
- http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
- http://secunia.com/advisories/20653
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:098
- http://www.vupen.com/english/advisories/2006/1941
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26628
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26627
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947
- https://usn.ubuntu.com/288-1/
- http://www.securityfocus.com/archive/1/435161/100/0/threaded
- http://www.securityfocus.com/archive/1/435038/100/0/threaded