CVE-2019-10164 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.8 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: LOW
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Summary

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-03 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-19
    modified: 2020-03-13
    plugin id: 134470
    published: 2020-03-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134470
    title: GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-03.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134470);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18");
    
      script_cve_id("CVE-2019-10129", "CVE-2019-10130", "CVE-2019-10164", "CVE-2020-1720");
      script_xref(name:"GLSA", value:"202003-03");
    
      script_name(english:"GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-03
    (PostgreSQL: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PostgreSQL. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process, bypass certain client-side connection security
          features, read arbitrary server memory, alter certain data or cause a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PostgreSQL 9.4.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.4.26:9.4'
        All PostgreSQL 9.5.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.5.21:9.5'
        All PostgreSQL 9.6.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.6.17:9.6'
        All PostgreSQL 10.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-10.12:10'
        All PostgreSQL 11.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-11.7:11'
        All PostgreSQL 12.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-12.2:12'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-db/postgresql", unaffected:make_list("ge 9.4.26", "ge 9.5.21", "ge 9.6.17", "ge 10.12", "ge 11.7", "ge 12.2"), vulnerable:make_list("lt 9.4.26", "lt 9.5.21", "lt 9.6.17", "lt 10.12", "lt 11.7", "lt 12.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PostgreSQL");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1810-1.NASL
    description: This update for postgresql10 fixes the following issues : Security issue fixed : CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: For a complete list of fixes check the release notes. - https://www.postgresql.org/docs/10/release-10-9.html - https://www.postgresql.org/docs/10/release-10-8.html - https://www.postgresql.org/docs/10/release-10-7.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126618
    published: 2019-07-11
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126618
    title: SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:1810-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2012-1.NASL
    description: This update for postgresql10 fixes the following issues : Security issue fixed : CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: For a complete list of fixes check the release notes. - https://www.postgresql.org/docs/10/release-10-9.html - https://www.postgresql.org/docs/10/release-10-8.html - https://www.postgresql.org/docs/10/release-10-7.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127752
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127752
    title: SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2012-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4027-1.NASL
    description: Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-21
    modified: 2019-06-21
    plugin id: 126098
    published: 2019-06-21
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126098
    title: Ubuntu 18.04 LTS / 18.10 / 19.04 : postgresql-10, postgresql-11 vulnerability (USN-4027-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-E43F49B428.NASL
    description: New upstream release 10.9 Per release notes: https://www.postgresql.org/docs/10/release-10-9.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127085
    published: 2019-07-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127085
    title: Fedora 29 : postgresql (2019-e43f49b428)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_245629D4991E11E982AA6CC21735F730.NASL
    description: The PostgreSQL project reports : An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126315
    published: 2019-06-28
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126315
    title: FreeBSD : PostgreSQL -- Stack-based buffer overflow via setting a password (245629d4-991e-11e9-82aa-6cc21735f730)
  • NASL family: Databases
    NASL id: POSTGRESQL_20190620.NASL
    description: The version of PostgreSQL installed on the remote host is 10.x prior to 10.9 or 11.x prior to 11.4. As such, it is potentially affected by a stack overflow vulnerability. Any authenticated user can overflow a stack-based buffer by changing the user
    last seen: 2020-03-21
    modified: 2019-06-27
    plugin id: 126309
    published: 2019-06-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126309
    title: PostgreSQL 10.x < 10.9 / 11.x < 11.4 Stack Overflow Vulnerability (CVE-2019-10164)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1773.NASL
    description: This update for postgresql10 fixes the following issues : Security issue fixed : - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes : - For a complete list of fixes check the release notes. - https://www.postgresql.org/docs/10/release-10-9.html - https://www.postgresql.org/docs/10/release-10-8.html - https://www.postgresql.org/docs/10/release-10-7.html This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126905
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126905
    title: openSUSE Security Update : postgresql10 (openSUSE-2019-1773)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1783-1.NASL
    description: This update for postgresql10 to version 10.9 fixes the following issue : Security issue fixed : CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126595
    published: 2019-07-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126595
    title: SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-9F04A701C0.NASL
    description: New upstream release 11.4 Per release notes: https://www.postgresql.org/docs/11/release-11-4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127081
    published: 2019-07-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127081
    title: Fedora 30 : libpq / postgresql (2019-9f04a701c0)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1783-2.NASL
    description: This update for postgresql10 to version 10.9 fixes the following issue : Security issue fixed : CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127744
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127744
    title: SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-2)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1824.NASL
    description: According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user
    last seen: 2020-05-03
    modified: 2019-08-27
    plugin id: 128193
    published: 2019-08-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128193
    title: EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2019-1824)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0243_POSTGRESQL.NASL
    description: An update of the postgresql package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126955
    published: 2019-07-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126955
    title: Photon OS 1.0: Postgresql PHSA-2019-1.0-0243

Red Hat

rpms
  • rh-postgresql10-postgresql-0:10.12-2.el7
  • rh-postgresql10-postgresql-contrib-0:10.12-2.el7
  • rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7
  • rh-postgresql10-postgresql-devel-0:10.12-2.el7
  • rh-postgresql10-postgresql-docs-0:10.12-2.el7
  • rh-postgresql10-postgresql-libs-0:10.12-2.el7
  • rh-postgresql10-postgresql-plperl-0:10.12-2.el7
  • rh-postgresql10-postgresql-plpython-0:10.12-2.el7
  • rh-postgresql10-postgresql-pltcl-0:10.12-2.el7
  • rh-postgresql10-postgresql-server-0:10.12-2.el7
  • rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-static-0:10.12-2.el7
  • rh-postgresql10-postgresql-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-test-0:10.12-2.el7