Vulnerabilities > CVE-2018-1058

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
postgresql
canonical
redhat
nessus
NVD
Published: 2018-03-02
Updated: 2023-01-19

Summary

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

Vulnerable Configurations

Part Description Count
Application
Postgresql
67
Application
Redhat
1
OS
Canonical
3

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0031_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121931
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121931
    titlePhoton OS 2.0: Postgresql PHSA-2018-2.0-0031
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-279.NASL
    descriptionThis update for postgresql95 fixes the following issues : Security issue fixed in PostgreSQL 9.5.12 : - CVE-2018-1058: Uncontrolled search path element in pg_dump and other client applications (boo#1081925).
    last seen2020-06-05
    modified2018-03-19
    plugin id108443
    published2018-03-19
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/108443
    titleopenSUSE Security Update : postgresql95 (openSUSE-2018-279)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0755-1.NASL
    descriptionThis update for postgresql94 fixes the following issues: Security issues fixed : - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes : - See release notes for details : - https://www.postgresql.org/docs/9.4/static/release-9-4-17.html - https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108530
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108530
    titleSUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:0755-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0876-1.NASL
    descriptionThis update for postgresql94 fixes the following issues: Security issues fixed : - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes : - See release notes for details : - https://www.postgresql.org/docs/9.4/static/release-9-4-17.html - https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108873
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108873
    titleSUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2018:0876-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0756-1.NASL
    descriptionThis update for postgresql96 fixes the following issues: Security issues fixed : - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes : - See release notes for details : - https://www.postgresql.org/docs/9.6/static/release-9-6-8.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108531
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108531
    titleSUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2018:0756-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-340.NASL
    descriptionThis update for postgresql94 fixes the following issues : Security issues fixed : - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes : - See release notes for details : - https://www.postgresql.org/docs/9.4/static/release-9-4-17.html - https://www.postgresql.org/docs/9.4/static/release-9-4-16.html This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-04-10
    plugin id108932
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108932
    titleopenSUSE Security Update : postgresql94 (openSUSE-2018-340)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3589-1.NASL
    descriptionIt was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id107192
    published2018-03-07
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107192
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerability (USN-3589-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0122.NASL
    descriptionAn update of 'postgresql' packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111926
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111926
    titlePhoton OS 1.0: Postgresql PHSA-2018-1.0-0122 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-287.NASL
    descriptionThis update for postgresql96 fixes the following issues : Security issues fixed : - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes : - See release notes for details : - https://www.postgresql.org/docs/9.6/static/release-9-6-8.html This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-03-22
    plugin id108527
    published2018-03-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108527
    titleopenSUSE Security Update : postgresql96 (openSUSE-2018-287)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0031.NASL
    descriptionAn update of {'postgresql'} packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111294
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111294
    titlePhoton OS 2.0 : postgresql (PhotonOS-PHSA-2018-2.0-0031) (deprecated)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E3EEDA2E1D6711E8A2EC6CC21735F730.NASL
    descriptionThe PostgreSQL project reports : - CVE-2018-1058: Uncontrolled search path element in pg_dump and other client applications
    last seen2020-06-01
    modified2020-06-02
    plugin id107112
    published2018-03-02
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107112
    titleFreeBSD : PostgreSQL vulnerabilities (e3eeda2e-1d67-11e8-a2ec-6cc21735f730)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-990.NASL
    descriptionUncontrolled search path element in pg_dump and other client applications A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. (CVE-2018-1058)
    last seen2020-06-01
    modified2020-06-02
    plugin id108851
    published2018-04-06
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/108851
    titleAmazon Linux AMI : postgresql93 / postgresql94,postgresql95,postgresql96 (ALAS-2018-990)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0122_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121817
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121817
    titlePhoton OS 1.0: Postgresql PHSA-2018-1.0-0122
  • NASL familyDatabases
    NASL idPOSTGRESQL_20180301.NASL
    descriptionThe version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.22, 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.12, 9.6.x prior to 9.6.8, or 10.x prior to 10.3. It is, therefore, affected by a privilege escalation vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id107226
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107226
    titlePostgreSQL 9.3.x < 9.3.22 / 9.4.x < 9.4.17 / 9.5.x < 9.5.12 / 9.6.x < 9.6.8 / 10.x < 10.3 Privilege Escalation Vulnerability

Redhat

advisories
  • rhsa
    idRHSA-2018:2511
  • rhsa
    idRHSA-2018:2566
  • rhsa
    idRHSA-2018:3816
rpms
  • rh-postgresql95-postgresql-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-contrib-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-debuginfo-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-devel-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-devel-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-docs-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-docs-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-libs-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-libs-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-plperl-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-plperl-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-plpython-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-plpython-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-pltcl-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-server-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-server-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-static-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-static-0:9.5.14-1.el7
  • rh-postgresql95-postgresql-test-0:9.5.14-1.el6
  • rh-postgresql95-postgresql-test-0:9.5.14-1.el7
  • rh-postgresql96-postgresql-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-contrib-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-contrib-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-contrib-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-contrib-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-debuginfo-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-debuginfo-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-devel-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-devel-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-docs-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-docs-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-libs-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-libs-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-plperl-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-plperl-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-plpython-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-plpython-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-pltcl-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-pltcl-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-server-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-server-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-server-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-server-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-static-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-static-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-syspaths-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-syspaths-0:9.6.10-1.el7
  • rh-postgresql96-postgresql-test-0:9.6.10-1.el6
  • rh-postgresql96-postgresql-test-0:9.6.10-1.el7
  • cfme-0:5.9.6.5-3.el7cf
  • cfme-amazon-smartstate-0:5.9.6.5-2.el7cf
  • cfme-appliance-0:5.9.6.5-1.el7cf
  • cfme-appliance-common-0:5.9.6.5-1.el7cf
  • cfme-appliance-debuginfo-0:5.9.6.5-1.el7cf
  • cfme-appliance-tools-0:5.9.6.5-1.el7cf
  • cfme-debuginfo-0:5.9.6.5-3.el7cf
  • cfme-gemset-0:5.9.6.5-2.el7cf
  • cfme-gemset-debuginfo-0:5.9.6.5-2.el7cf
  • dbus-api-service-0:1.0.1-3.1.el7cf
  • httpd-configmap-generator-0:0.2.2-1.2.el7cf
  • postgresql96-0:9.6.10-1PGDG.el7at
  • postgresql96-contrib-0:9.6.10-1PGDG.el7at
  • postgresql96-debuginfo-0:9.6.10-1PGDG.el7at
  • postgresql96-devel-0:9.6.10-1PGDG.el7at
  • postgresql96-docs-0:9.6.10-1PGDG.el7at
  • postgresql96-libs-0:9.6.10-1PGDG.el7at
  • postgresql96-plperl-0:9.6.10-1PGDG.el7at
  • postgresql96-plpython-0:9.6.10-1PGDG.el7at
  • postgresql96-pltcl-0:9.6.10-1PGDG.el7at
  • postgresql96-server-0:9.6.10-1PGDG.el7at
  • postgresql96-test-0:9.6.10-1PGDG.el7at

References