CVE-2018-10915 - SQL Injection vulnerability in multiple products
Summary
A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
- Object Relational Mapping Injection: An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
- SQL Injection through SOAP Parameter Tampering: An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
- Expanding Control over the Operating System from the Database: An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally, SQL injection attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every database management system (DBMS) includes facilities that, if compromised, allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
- SQL Injection: This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as the ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
Nessus
NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL
description: An update of the python3 package has been released.
last seen: 2020-03-17
modified: 2019-02-07
plugin id: 121881
published: 2019-02-07
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121881
title: Photon OS 1.0: Python3 PHSA-2018-1.0-0178
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0178. The text
    # itself is copyright (C) VMware, Inc.

    include('compat.inc');

    if (description)
    {
      script_id(121881);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");

      script_cve_id("CVE-2018-1060", "CVE-2018-1061");

      script_name(english:"Photon OS 1.0: Python3 PHSA-2018-1.0-0178");
      script_summary(english:"Checks the rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:
        "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
        "An update of the python3 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-178.md");
      script_set_attribute(attribute:"solution", value:
        "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10915");

      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

    flag = 0;

    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-debuginfo-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-debuginfo-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-devel-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-devel-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-libs-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-libs-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-tools-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-tools-3.5.5-2.ph1")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-659.NASL
description: This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issues fixed : - CVE-2018-1115: Remove public execute privilege from contrib/adminpack
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123286
published: 2019-03-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123286
title: openSUSE Security Update : postgresql10 (openSUSE-2019-659)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-659.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(123286);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");

      script_cve_id("CVE-2018-10915", "CVE-2018-10925", "CVE-2018-1115");

      script_name(english:"openSUSE Security Update : postgresql10 (openSUSE-2019-659)");
      script_summary(english:"Check for the openSUSE-2019-659 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for postgresql10 fixes the following issues :

    PostgreSQL 10 was updated to 10.5 :

      - https://www.postgresql.org/about/news/1851/

      - https://www.postgresql.org/docs/current/static/release-10-5.html

    A dump/restore is not required for those running 10.X. However, if you
    use the adminpack extension, you should update it as per the first
    changelog entry below. Also, if the function marking mistakes
    mentioned in the second and third changelog entries below affect you,
    you will want to take steps to correct your database catalogs.

    Security issues fixed :

      - CVE-2018-1115: Remove public execute privilege from
        contrib/adminpack's pg_logfile_rotate() function
        pg_logfile_rotate() is a deprecated wrapper for the core
        function pg_rotate_logfile(). When that function was
        changed to rely on SQL privileges for access control
        rather than a hard-coded superuser check,
        pg_logfile_rotate() should have been updated as well,
        but the need for this was missed. Hence, if adminpack is
        installed, any user could request a logfile rotation,
        creating a minor security issue. After installing this
        update, administrators should update adminpack by
        performing ALTER EXTENSION adminpack UPDATE in each
        database in which adminpack is installed (bsc#1091610).

      - CVE-2018-10915: libpq failed to properly reset its
        internal state between connections. If an affected
        version of libpq was used with 'host' or 'hostaddr'
        connection parameters from untrusted input, attackers
        could have bypassed client-side connection security
        features, obtain access to higher privileged connections
        or potentially cause other impact SQL injection, by
        causing the PQescape() functions to malfunction
        (bsc#1104199)

      - CVE-2018-10925: Add missing authorization check on
        certain statements involved with 'INSERT ... ON CONFLICT
        DO UPDATE'. An attacker with 'CREATE TABLE' privileges
        could have exploited this to read arbitrary bytes server
        memory. If the attacker also had certain 'INSERT' and
        limited 'UPDATE' privileges to a particular table, they
        could have exploited this to update other columns in the
        same table (bsc#1104202).

    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104199"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104202"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/about/news/1851/"
      );
      # https://www.postgresql.org/docs/current/static/release-10-5.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/current/release-10-5.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected postgresql10 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plperl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plpython-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-pltcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE15.0", reference:"libecpg6-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libecpg6-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libpq5-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libpq5-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-contrib-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-contrib-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-debugsource-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-devel-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-devel-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plperl-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plperl-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plpython-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plpython-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-pltcl-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-pltcl-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-server-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-server-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-test-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libecpg6-32bit-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libecpg6-32bit-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpq5-32bit-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpq5-32bit-debuginfo-10.5-lp150.3.3.1") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql10 / postgresql10-contrib / etc");
    }

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2018-1117.NASL
description: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with
last seen: 2020-06-10
modified: 2018-12-07
plugin id: 119476
published: 2018-12-07
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119476
title: Amazon Linux AMI : postgresql93 / postgresql94 (ALAS-2018-1117)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1117.
    #

    include("compat.inc");

    if (description)
    {
      script_id(119476);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");

      script_cve_id("CVE-2018-10915");
      script_xref(name:"ALAS", value:"2018-1117");

      script_name(english:"Amazon Linux AMI : postgresql93 / postgresql94 (ALAS-2018-1117)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "A vulnerability was found in libpq, the default PostgreSQL client
    library where libpq failed to properly reset its internal state
    between connections. If an affected version of libpq were used with
    'host' or 'hostaddr' connection parameters from untrusted input,
    attackers could bypass client-side connection security features,
    obtain access to higher privileged connections or potentially cause
    other impact through SQL injection, by causing the PQescape()
    functions to malfunction.(CVE-2018-10915)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1117.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Run 'yum update postgresql93' to update your system.

    Run 'yum update postgresql94' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plpython26");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plpython27");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plpython26");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plpython27");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }

    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (rpm_check(release:"ALA", reference:"postgresql93-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-contrib-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-debuginfo-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-devel-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-docs-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-libs-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-plperl-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-plpython26-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-plpython27-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-pltcl-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-server-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql93-test-9.3.25-1.72.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-contrib-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-debuginfo-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-devel-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-docs-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-libs-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-plperl-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-plpython26-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-plpython27-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-server-9.4.20-1.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"postgresql94-test-9.4.20-1.76.amzn1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93 / postgresql93-contrib / postgresql93-debuginfo / etc");
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4269.NASL
description: Two vulnerabilities have been found in the PostgreSQL database system : - CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. - CVE-2018-10925 It was discovered that some
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111653
published: 2018-08-13
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111653
title: Debian DSA-4269-1 : postgresql-9.6 - security update
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-4269. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(111653);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/13 12:30:47");

      script_cve_id("CVE-2018-10915", "CVE-2018-10925");
      script_xref(name:"DSA", value:"4269");

      script_name(english:"Debian DSA-4269-1 : postgresql-9.6 - security update");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Two vulnerabilities have been found in the PostgreSQL database system :

      - CVE-2018-10915
        Andrew Krasichkov discovered that libpq did not reset
        all its connection state during reconnects.

      - CVE-2018-10925
        It was discovered that some 'CREATE TABLE' statements
        could disclose server memory.

    For additional information please refer to the upstream announcement
    at https://www.postgresql.org/about/news/1878/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-10925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/about/news/1878/"
      );
      # https://security-tracker.debian.org/tracker/source-package/postgresql-9.6
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?350b32e8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/postgresql-9.6"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4269"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the postgresql-9.6 packages.

    For the stable distribution (stretch), these problems have been fixed
    in version 9.6.10-0+deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/13");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"9.0", prefix:"libecpg-compat3", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libecpg-dev", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libecpg6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libpgtypes3", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libpq-dev", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libpq5", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-9.6-dbg", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-client-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-contrib-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-doc-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-plperl-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-plpython-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-plpython3-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-pltcl-9.6", reference:"9.6.10-0+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"postgresql-server-dev-9.6", reference:"9.6.10-0+deb9u1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-2_0-0087_KRB5.NASL
description An update of the krb5 package has been released.
last seen 2020-03-17
modified 2019-02-07
plugin id 121987
published 2019-02-07
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121987
title Photon OS 2.0: Krb5 PHSA-2018-2.0-0087
code

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0087. The text
    # itself is copyright (C) VMware, Inc.

    include('compat.inc');

    if (description)
    {
      script_id(121987);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");

      script_cve_id("CVE-2018-5730");

      script_name(english:"Photon OS 2.0: Krb5 PHSA-2018-2.0-0087");
      script_summary(english:"Checks the rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the krb5 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-87.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10915");

      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:krb5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

    flag = 0;

    if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-1.16-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-debuginfo-1.16-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-devel-1.16-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-lang-1.16-2.ph2")) flag++;

    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
    }

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-955.NASL
description This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issues fixed : - CVE-2018-1115: Remove public execute privilege from contrib/adminpack
last seen 2020-06-05
modified 2018-09-04
plugin id 112269
published 2018-09-04
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/112269
title openSUSE Security Update : postgresql10 (openSUSE-2018-955)
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-955.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(112269);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2018-10915", "CVE-2018-10925", "CVE-2018-1115");

      script_name(english:"openSUSE Security Update : postgresql10 (openSUSE-2018-955)");
      script_summary(english:"Check for the openSUSE-2018-955 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for postgresql10 fixes the following issues :

    PostgreSQL 10 was updated to 10.5 :

      - https://www.postgresql.org/about/news/1851/

      - https://www.postgresql.org/docs/current/static/release-10-5.html

    A dump/restore is not required for those running 10.X. However, if you
    use the adminpack extension, you should update it as per the first
    changelog entry below. Also, if the function marking mistakes
    mentioned in the second and third changelog entries below affect you,
    you will want to take steps to correct your database catalogs.

    Security issues fixed :

      - CVE-2018-1115: Remove public execute privilege from
        contrib/adminpack's pg_logfile_rotate() function
        pg_logfile_rotate() is a deprecated wrapper for the core
        function pg_rotate_logfile(). When that function was
        changed to rely on SQL privileges for access control
        rather than a hard-coded superuser check,
        pg_logfile_rotate() should have been updated as well,
        but the need for this was missed. Hence, if adminpack is
        installed, any user could request a logfile rotation,
        creating a minor security issue. After installing this
        update, administrators should update adminpack by
        performing ALTER EXTENSION adminpack UPDATE in each
        database in which adminpack is installed (bsc#1091610).

      - CVE-2018-10915: libpq failed to properly reset its
        internal state between connections. If an affected
        version of libpq was used with 'host' or 'hostaddr'
        connection parameters from untrusted input, attackers
        could have bypassed client-side connection security
        features, obtain access to higher privileged connections
        or potentially cause other impact SQL injection, by
        causing the PQescape() functions to malfunction
        (bsc#1104199)

      - CVE-2018-10925: Add missing authorization check on
        certain statements involved with 'INSERT ... ON CONFLICT
        DO UPDATE'. An attacker with 'CREATE TABLE' privileges
        could have exploited this to read arbitrary bytes server
        memory. If the attacker also had certain 'INSERT' and
        limited 'UPDATE' privileges to a particular table, they
        could have exploited this to update other columns in the
        same table (bsc#1104202).

    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104199"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104202"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/about/news/1851/"
      );
      # https://www.postgresql.org/docs/current/static/release-10-5.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/current/release-10-5.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected postgresql10 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plperl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-plpython-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-pltcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql10-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/04");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE15.0", reference:"libecpg6-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libecpg6-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libpq5-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libpq5-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-contrib-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-contrib-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-debugsource-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-devel-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-devel-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plperl-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plperl-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plpython-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-plpython-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-pltcl-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-pltcl-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-server-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-server-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"postgresql10-test-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libecpg6-32bit-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libecpg6-32bit-debuginfo-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpq5-32bit-10.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpq5-32bit-debuginfo-10.5-lp150.3.3.1") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql10 / postgresql10-contrib / etc");
    }

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-5D1F7BD2D7.NASL
description update to 10.5, CVE-2018-10915, CVE-2018-10925 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2019-01-03
plugin id 120455
published 2019-01-03
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/120455
title Fedora 28 : postgresql (2018-5d1f7bd2d7)
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory FEDORA-2018-5d1f7bd2d7.
    #

    include("compat.inc");

    if (description)
    {
      script_id(120455);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2018-10915", "CVE-2018-10925");
      script_xref(name:"FEDORA", value:"2018-5d1f7bd2d7");

      script_name(english:"Fedora 28 : postgresql (2018-5d1f7bd2d7)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "update to 10.5, CVE-2018-10915, CVE-2018-10925

    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-5d1f7bd2d7"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected postgresql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10915");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC28", reference:"postgresql-10.5-1.fc28")) flag++;

    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
    }

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2018-2643.NASL
description An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1590658, BZ#1591095, BZ#1591096, BZ#1592655, BZ#1594636, BZ#1597534, BZ#1612683) Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915 and Ammarit Thongthua (Deloitte Thailand Pentest team) and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915.
Security fixes :
* vulnerability: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) (CVE-2018-10862)
* vulnerability: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* vulnerability: postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
* vulnerability: undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of ) (CVE-2018-1067, CVE-2016-4993)
* vulnerability: undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
* vulnerability: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
* vulnerability: bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
last seen 2020-06-01
modified 2020-06-02
plugin id 117324
published 2018-09-06
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/117324
title RHEL 7 : Virtualization (RHSA-2018:2643)

NASL family Amazon Linux Local Security Checks
NASL id AL2_ALAS-2018-1080.NASL
description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with
last seen 2020-06-01
modified 2020-06-02
plugin id 117709
published 2018-09-27
reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/117709
title Amazon Linux 2 : postgresql (ALAS-2018-1080)

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_96EAB8749C7911E8B34B6CC21735F730.NASL
description The PostgreSQL project reports : CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variables when attempting to reconnect. In particular, the state variable that determined whether or not a password is needed for a connection would not be reset, which could allow users of features requiring libpq, such as the
last seen 2020-06-01
modified 2020-06-02
plugin id 111656
published 2018-08-13
reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111656
title FreeBSD : PostgreSQL -- two vulnerabilities (96eab874-9c79-11e8-b34b-6cc21735f730)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-1_0-0178.NASL
description An update of 'python2', 'strongswan', 'python3', 'postgresql' packages of Photon OS has been released.
last seen 2019-02-21
modified 2019-02-07
plugin id 112221
published 2018-08-31
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=112221
title Photon OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated)

NASL family Databases
NASL id POSTGRESQL_20180809.NASL
description The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.24, 9.4.x prior to 9.4.19, 9.5.x prior to 9.5.14, 9.6.x prior to 9.6.10, or 10.x prior to 10.5. It is, therefore, affected by multiple vulnerabilities.
last seen 2020-06-01
modified 2020-06-02
plugin id 111966
published 2018-08-17
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111966
title PostgreSQL 9.3.x < 9.3.24 / 9.4.x < 9.4.19 / 9.5.x < 9.5.14 / 9.6.x < 9.6.10 / 10.x < 10.5 Multiple Vulnerabilities

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-1_0-0178_STRONGSWAN.NASL
description An update of the strongswan package has been released.
last seen 2020-03-17
modified 2019-02-07
plugin id 121882
published 2019-02-07
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121882
title Photon OS 1.0: Strongswan PHSA-2018-1.0-0178

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-3744-1.NASL
description Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915) It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 111844
published 2018-08-17
reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111844
title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3744-1)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2018-1312.NASL
description According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2018-09-27
plugin id 117755
published 2018-09-27
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/117755
title EulerOS 2.0 SP3 : postgresql (EulerOS-SA-2018-1312)

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2018-1311.NASL
description According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-05-06
modified 2018-09-27
plugin id 117754
published 2018-09-27
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/117754
title EulerOS 2.0 SP2 : postgresql (EulerOS-SA-2018-1311)

NASL family Scientific Linux Local Security Checks
NASL id SL_20180823_POSTGRESQL_ON_SL7_X.NASL
description The following packages have been upgraded to a later upstream version: postgresql (9.2.24). Security Fix(es) : - postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
last seen 2020-03-18
modified 2018-08-24
plugin id 112105
published 2018-08-24
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/112105
title Scientific Linux Security Update : postgresql on SL7.x x86_64 (20180823)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-2_0-0087.NASL
description An update of 'krb5', 'postgresql' packages of Photon OS has been released.
last seen 2019-02-21
modified 2019-02-07
plugin id 112220
published 2018-08-31
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=112220
title Photon OS 2.0: Krb5 / Postgresql PHSA-2018-2.0-0087 (deprecated)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2018-2557.NASL
description An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.24). (BZ#1612667) Security Fix(es) : * postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.
last seen 2020-06-01
modified 2020-06-02
plugin id 112104
published 2018-08-24
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/112104
title RHEL 7 : postgresql (RHSA-2018:2557)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-1482.NASL
description This update for postgresql94 to 9.4.19 fixes the following security issue : - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with
last seen 2020-06-05
modified 2018-12-07
plugin id 119490
published 2018-12-07
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119490
title openSUSE Security Update : postgresql94 (openSUSE-2018-1482)

NASL family SuSE Local Security Checks
NASL id SUSE_SU-2018-3909-1.NASL
description This update for postgresql94 to 9.4.19 fixes the following security issue : CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with
last seen 2020-06-01
modified 2020-06-02
plugin id 119212
published 2018-11-27
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119212
title SUSE SLES12 Security Update : postgresql94 (SUSE-SU-2018:3909-1)

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-2_0-0087_POSTGRESQL.NASL
description An update of the postgresql package has been released.
last seen 2020-03-17
modified 2019-02-07
plugin id 121988
published 2019-02-07
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121988
title Photon OS 2.0: Postgresql PHSA-2018-2.0-0087

NASL family PhotonOS Local Security Checks
NASL id PHOTONOS_PHSA-2018-1_0-0178_POSTGRESQL.NASL
description An update of the postgresql package has been released.
last seen 2020-03-17
modified 2019-02-07
plugin id 121879
published 2019-02-07
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121879
title Photon OS 1.0: Postgresql PHSA-2018-1.0-0178

NASL family NewStart CGSL Local Security Checks
NASL id NEWSTART_CGSL_NS-SA-2019-0036_POSTGRESQL.NASL
description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has postgresql packages installed that are affected by a vulnerability: - A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with host or hostaddr connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. (CVE-2018-10915) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen 2020-06-01
modified 2020-06-02
plugin id 127207
published 2019-08-12
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127207
title NewStart CGSL CORE 5.04 / MAIN 5.04 : postgresql Vulnerability (NS-SA-2019-0036)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-1464.NASL
description An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. For Debian 8
last seen 2020-06-01
modified 2020-06-02
plugin id 111762
published 2018-08-16
reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/111762
title Debian DLA-1464-1 : postgresql-9.4 security update

NASL family Fedora Local Security Checks
NASL id FEDORA_2018-D8F5AEA89D.NASL
description update to 9.6.10, CVE-2018-10915 CVE-2018-10925 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-16 plugin id 111770 published 2018-08-16 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111770 title Fedora 27 : postgresql (2018-d8f5aea89d) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1118.NASL description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with last seen 2020-06-10 modified 2018-12-07 plugin id 119477 published 2018-12-07 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119477 title Amazon Linux AMI : postgresql95 (ALAS-2018-1118) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL description An update of the python2 package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121880 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121880 title Photon OS 1.0: Python2 PHSA-2018-1.0-0178 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201810-08.NASL description The remote host is affected by the vulnerability described in GLSA-201810-08 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. 
In addition it was discovered that Gentoo’s PostgreSQL installation suffered from a privilege escalation vulnerability due to a runscript which called OpenRC’s checkpath() on a user controlled path and allowed user running PostgreSQL to kill arbitrary processes via PID file manipulation. Impact : A remote attacker could bypass certain client-side connection security features, read arbitrary server memory or alter certain data. In addition, a local attacker could gain privileges or cause a Denial of Service condition by killing arbitrary processes. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 118508 published 2018-10-31 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118508 title GLSA-201810-08 : PostgreSQL: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2564-1.NASL description This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issues fixed: CVE-2018-1115: Remove public execute privilege from contrib/adminpack last seen 2020-03-19 modified 2019-01-02 plugin id 120090 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/120090 title SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2018:2564-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1080.NASL description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with last seen 2020-06-01 modified 2020-06-02 plugin id 117604 published 2018-09-20 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117604 title Amazon Linux AMI : postgresql92 (ALAS-2018-1080) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3287-1.NASL description This update for postgresql94 fixes the following issues : postgresql was updated to 9.4.19 : https://www.postgresql.org/docs/current/static/release-9-4-19.html - CVE-2018-10915, bsc#1104199: Fix failure to reset libpq last seen 2020-06-01 modified 2020-06-02 plugin id 118320 published 2018-10-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118320 title SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2018:3287-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2557.NASL description From Red Hat Security Advisory 2018:2557 : An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.24). 
(BZ#1612667) Security Fix(es) : * postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 112103 published 2018-08-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112103 title Oracle Linux 7 : postgresql (ELSA-2018-2557) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3377-1.NASL description This update for postgresql96 to 9.6.10 fixes the following issues : These security issues were fixed : CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with last seen 2020-06-01 modified 2020-06-02 plugin id 118387 published 2018-10-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118387 title SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2018:3377-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1119.NASL description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with last seen 2020-06-10 modified 2018-12-07 plugin id 119478 published 2018-12-07 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/119478 title Amazon Linux AMI : postgresql96 (ALAS-2018-1119) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1079.NASL description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with last seen 2020-06-01 modified 2020-06-02 plugin id 117603 published 2018-09-20 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117603 title Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2018-1079) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1074.NASL description A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with last seen 2020-06-01 modified 2020-06-02 plugin id 117346 published 2018-09-07 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117346 title Amazon Linux AMI : postgresql96 (ALAS-2018-1074) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1278.NASL description This update for postgresql96 to 9.6.10 fixes the following issues : These security issues were fixed : - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with last seen 2020-06-05 modified 2018-10-26 plugin id 118448 published 2018-10-26 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/118448 title openSUSE Security Update : postgresql96 (openSUSE-2018-1278) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-2557.NASL description An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (9.2.24). (BZ#1612667) Security Fix(es) : * postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 112163 published 2018-08-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112163 title CentOS 7 : postgresql (CESA-2018:2557)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- http://www.securityfocus.com/bid/105054
- http://www.securitytracker.com/id/1041446
- https://access.redhat.com/errata/RHSA-2018:2511
- https://access.redhat.com/errata/RHSA-2018:2557
- https://access.redhat.com/errata/RHSA-2018:2565
- https://access.redhat.com/errata/RHSA-2018:2566
- https://access.redhat.com/errata/RHSA-2018:2643
- https://access.redhat.com/errata/RHSA-2018:2721
- https://access.redhat.com/errata/RHSA-2018:2729
- https://access.redhat.com/errata/RHSA-2018:3816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
- https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html
- https://security.gentoo.org/glsa/201810-08
- https://usn.ubuntu.com/3744-1/
- https://www.debian.org/security/2018/dsa-4269
- https://www.postgresql.org/about/news/1878/