Vulnerabilities > CVE-2016-5423 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 8.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
debian
postgresql
CWE-476
nessus

Summary

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Vulnerable Configurations

Part Description Count
OS
Debian
1
Application
Postgresql
316

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3646.NASL
    descriptionSeveral vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. - CVE-2016-5424 Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations.
    last seen2020-06-01
    modified2020-06-02
    plugin id92875
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92875
    titleDebian DSA-3646-1 : postgresql-9.4 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3646. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92875);
      script_version("2.9");
      script_cvs_date("Date: 2018/11/10 11:49:38");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"DSA", value:"3646");
    
      script_name(english:"Debian DSA-3646-1 : postgresql-9.4 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
    database system.
    
      - CVE-2016-5423
        Karthikeyan Jambu Rajaraman discovered that nested
        CASE-WHEN expressions are not properly evaluated,
        potentially leading to a crash or allowing to disclose
        portions of server memory.
    
      - CVE-2016-5424
        Nathan Bossart discovered that special characters in
        database and role names are not properly handled,
        potentially leading to the execution of commands with
        superuser privileges, when a superuser executes
        pg_dumpall or other routine maintenance operations."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-5423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-5424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/postgresql-9.4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2016/dsa-3646"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the postgresql-9.4 packages.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 9.4.9-0+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libecpg-compat3", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libecpg-dev", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libecpg6", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpgtypes3", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpq-dev", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpq5", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-9.4-dbg", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-client-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-contrib-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-doc-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plperl-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plpython-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plpython3-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-pltcl-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-server-dev-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2414-1.NASL
    descriptionThis update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen2020-06-01
    modified2020-06-02
    plugin id93806
    published2016-09-30
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93806
    titleSUSE SLES12 Security Update : postgresql93 (SUSE-SU-2016:2414-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2414-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93806);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2016:2414-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for postgresql93 to version 9.3.14 fixes the several
    issues. These security issues were fixed :
    
      - CVE-2016-5423: CASE/WHEN with inlining can cause
        untrusted pointer dereference (bsc#993454).
    
      - CVE-2016-5424: Fix client programs' handling of special
        characters in database and role names (bsc#993453).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5423/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5424/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162414-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0fbb3d9e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1407=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1407=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-debuginfo-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debuginfo-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debugsource-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-debuginfo-9.3.14-19.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015.NASL
    descriptionAn update of [openjdk,openjre,postgresql] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111849
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111849
    titlePhoton OS 1.0: Openjdk / Openjre / Postgresql PHSA-2016-0015 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1140.NASL
    descriptionThe postgresql server postgresql93 was updated to 9.3.14 fixes the following issues : Update to version 9.3.14 : - Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454) - Fix client programs
    last seen2020-06-05
    modified2016-10-03
    plugin id93825
    published2016-10-03
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93825
    titleopenSUSE Security Update : postgresql93 (openSUSE-2016-1140)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-30B01BDEDD.NASL
    descriptionUpdate to version 9.5.4 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-08-24
    plugin id93085
    published2016-08-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93085
    titleFedora 24 : postgresql (2016-30b01bdedd)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2415-1.NASL
    descriptionThis update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen2020-06-01
    modified2020-06-02
    plugin id93807
    published2016-09-30
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93807
    titleSUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2016:2415-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CA16FD0B5FD111E6A6F26CC21735F730.NASL
    descriptionPostgreSQL project reports : Security Fixes nested CASE expressions + database and role names with embedded special characters - CVE-2016-5423: certain nested CASE expressions can cause the server to crash. - CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
    last seen2020-06-01
    modified2020-06-02
    plugin id92929
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92929
    titleFreeBSD : PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities (ca16fd0b-5fd1-11e6-a6f2-6cc21735f730)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2606.NASL
    descriptionAn update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94569
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94569
    titleRHEL 7 : postgresql (RHSA-2016:2606)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-765BB26915.NASL
    descriptionUpdate to version 9.5.4 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-11-15
    plugin id94820
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94820
    titleFedora 25 : postgresql (2016-765bb26915)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3066-1.NASL
    descriptionHeikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423) Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93047
    published2016-08-19
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93047
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : postgresql-9.1, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3066-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1161.NASL
    descriptionThis update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen2020-06-05
    modified2016-10-12
    plugin id93997
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93997
    titleopenSUSE Security Update : postgresql94 (openSUSE-2016-1161)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-5486A6DFC0.NASL
    descriptionUpdate to version 9.4.9 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-08-24
    plugin id93087
    published2016-08-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93087
    titleFedora 23 : postgresql (2016-5486a6dfc0)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_POSTGRESQL_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : - A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) - A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Additional Changes :
    last seen2020-03-18
    modified2016-12-15
    plugin id95856
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95856
    titleScientific Linux Security Update : postgresql on SL7.x x86_64 (20161103)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1058.NASL
    descriptionAccording to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.(CVE-2016-5423) - A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program.(CVE-2016-5424i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99820
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99820
    titleEulerOS 2.0 SP1 : postgresql (EulerOS-SA-2016-1058)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-592.NASL
    descriptionSeveral vulnerabilities have been found in PostgreSQL, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations. For Debian 7
    last seen2020-03-17
    modified2016-08-12
    plugin id92873
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92873
    titleDebian DLA-592-1 : postgresql-9.1 security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-472.NASL
    descriptionThis update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen2020-06-05
    modified2017-04-17
    plugin id99417
    published2017-04-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99417
    titleopenSUSE Security Update : postgresql93 (openSUSE-2017-472)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2606.NASL
    descriptionAn update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id95352
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95352
    titleCentOS 7 : postgresql (CESA-2016:2606)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-747.NASL
    descriptionA flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)
    last seen2020-06-01
    modified2020-06-02
    plugin id93539
    published2016-09-16
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93539
    titleAmazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2016-747)
  • NASL familyDatabases
    NASL idPOSTGRESQL_20160811.NASL
    descriptionThe version of PostgreSQL installed on the remote host is 9.1.x prior to 9.1.23, 9.2.x prior to 9.2.18, 9.3.x prior to 9.3.14, 9.4.x prior to 9.4.9, or 9.5.x prior to 9.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists that allows an authenticated, remote attacker to crash the database via specially crafted nested CASE expressions. (CVE-2016-5423) - A flaw exists that is triggered during the handling of database and role names with embedded special characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code during administrative operations such as pg_dumpall. (CVE-2016-5424) - A denial of service vulnerability exists in the pg_get_expr() function that is triggered during the handling of inconsistent values. An authenticated, remote attacker can exploit this to crash the database. - An overflow condition exists in the to_number() function due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id93050
    published2016-08-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93050
    titlePostgreSQL 9.1.x < 9.1.23 / 9.2.x < 9.2.18 / 9.3.x < 9.3.14 / 9.4.x < 9.4.9 / 9.5.x < 9.5.4 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-33.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-33 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or escalate privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96474
    published2017-01-13
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96474
    titleGLSA-201701-33 : PostgreSQL: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_414C18BF365311E795506CC21735F730.NASL
    descriptionThe PostgreSQL project reports : Security Fixes nested CASE expressions + database and role names with embedded special characters - CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. - CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable - CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.
    last seen2020-06-01
    modified2020-06-02
    plugin id100141
    published2017-05-12
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100141
    titleFreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0015_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121662
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121662
    titlePhoton OS 1.0: Postgresql PHSA-2016-0015
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2606.NASL
    descriptionFrom Red Hat Security Advisory 2016:2606 : An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94725
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94725
    titleOracle Linux 7 : postgresql (ELSA-2016-2606)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2418-1.NASL
    descriptionThis update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen2020-06-01
    modified2020-06-02
    plugin id93808
    published2016-09-30
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93808
    titleSUSE SLES11 Security Update : postgresql94 (SUSE-SU-2016:2418-1)

Redhat

advisories
  • rhsa
    idRHSA-2016:1781
  • rhsa
    idRHSA-2016:1820
  • rhsa
    idRHSA-2016:1821
  • rhsa
    idRHSA-2016:2606
  • rhsa
    idRHSA-2017:2425
rpms
  • rh-postgresql94-postgresql-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-contrib-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-contrib-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-debuginfo-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-debuginfo-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-devel-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-devel-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-docs-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-docs-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-libs-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-libs-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-plperl-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-plperl-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-plpython-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-plpython-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-pltcl-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-pltcl-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-server-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-server-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-static-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-static-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-test-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-test-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-upgrade-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-upgrade-0:9.4.9-1.el7
  • postgresql92-postgresql-0:9.2.18-1.el6
  • postgresql92-postgresql-0:9.2.18-1.el7
  • postgresql92-postgresql-contrib-0:9.2.18-1.el6
  • postgresql92-postgresql-contrib-0:9.2.18-1.el7
  • postgresql92-postgresql-debuginfo-0:9.2.18-1.el6
  • postgresql92-postgresql-debuginfo-0:9.2.18-1.el7
  • postgresql92-postgresql-devel-0:9.2.18-1.el6
  • postgresql92-postgresql-devel-0:9.2.18-1.el7
  • postgresql92-postgresql-docs-0:9.2.18-1.el6
  • postgresql92-postgresql-docs-0:9.2.18-1.el7
  • postgresql92-postgresql-libs-0:9.2.18-1.el6
  • postgresql92-postgresql-libs-0:9.2.18-1.el7
  • postgresql92-postgresql-plperl-0:9.2.18-1.el6
  • postgresql92-postgresql-plperl-0:9.2.18-1.el7
  • postgresql92-postgresql-plpython-0:9.2.18-1.el6
  • postgresql92-postgresql-plpython-0:9.2.18-1.el7
  • postgresql92-postgresql-pltcl-0:9.2.18-1.el6
  • postgresql92-postgresql-pltcl-0:9.2.18-1.el7
  • postgresql92-postgresql-server-0:9.2.18-1.el6
  • postgresql92-postgresql-server-0:9.2.18-1.el7
  • postgresql92-postgresql-test-0:9.2.18-1.el6
  • postgresql92-postgresql-test-0:9.2.18-1.el7
  • postgresql92-postgresql-upgrade-0:9.2.18-1.el6
  • postgresql92-postgresql-upgrade-0:9.2.18-1.el7
  • rh-postgresql95-postgresql-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-contrib-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-debuginfo-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-devel-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-devel-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-docs-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-docs-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-libs-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-libs-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-plperl-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-plperl-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-plpython-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-plpython-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-pltcl-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-server-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-server-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-static-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-static-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-test-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-test-0:9.5.4-1.el7
  • postgresql-0:9.2.18-1.el7
  • postgresql-contrib-0:9.2.18-1.el7
  • postgresql-debuginfo-0:9.2.18-1.el7
  • postgresql-devel-0:9.2.18-1.el7
  • postgresql-docs-0:9.2.18-1.el7
  • postgresql-libs-0:9.2.18-1.el7
  • postgresql-plperl-0:9.2.18-1.el7
  • postgresql-plpython-0:9.2.18-1.el7
  • postgresql-pltcl-0:9.2.18-1.el7
  • postgresql-server-0:9.2.18-1.el7
  • postgresql-test-0:9.2.18-1.el7
  • postgresql-upgrade-0:9.2.18-1.el7
  • rh-postgresql95-postgresql-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-libs-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-server-0:9.5.7-2.el6
  • rh-postgresql95-runtime-0:2.2-3.el6
  • spacewalk-backend-0:2.3.3-53.el6sat
  • spacewalk-backend-app-0:2.3.3-53.el6sat
  • spacewalk-backend-applet-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-common-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-tool-0:2.3.3-53.el6sat
  • spacewalk-backend-iss-0:2.3.3-53.el6sat
  • spacewalk-backend-iss-export-0:2.3.3-53.el6sat
  • spacewalk-backend-libs-0:2.3.3-53.el6sat
  • spacewalk-backend-package-push-server-0:2.3.3-53.el6sat
  • spacewalk-backend-server-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-oracle-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-postgresql-0:2.3.3-53.el6sat
  • spacewalk-backend-tools-0:2.3.3-53.el6sat
  • spacewalk-backend-xml-export-libs-0:2.3.3-53.el6sat
  • spacewalk-backend-xmlrpc-0:2.3.3-53.el6sat
  • spacewalk-base-0:2.3.2-35.el6sat
  • spacewalk-base-minimal-0:2.3.2-35.el6sat
  • spacewalk-base-minimal-config-0:2.3.2-35.el6sat
  • spacewalk-dobby-0:2.3.2-35.el6sat
  • spacewalk-grail-0:2.3.2-35.el6sat
  • spacewalk-html-0:2.3.2-35.el6sat
  • spacewalk-postgresql-server-0:9.5-1.el6sat
  • spacewalk-pxt-0:2.3.2-35.el6sat
  • spacewalk-setup-postgresql-0:2.3.0-27.el6sat
  • spacewalk-sniglets-0:2.3.2-35.el6sat
  • spacewalk-utils-0:2.3.2-32.el6sat

References