Vulnerabilities > CVE-2020-1720 - Missing Authorization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-03.NASL description The remote host is affected by the vulnerability described in GLSA-202003-03 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-13 plugin id 134470 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134470 title GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-03. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134470); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2019-10129", "CVE-2019-10130", "CVE-2019-10164", "CVE-2020-1720"); script_xref(name:"GLSA", value:"202003-03"); script_name(english:"GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-03 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-03" ); script_set_attribute( attribute:"solution", value: "All PostgreSQL 9.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.4.26:9.4' All PostgreSQL 9.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.5.21:9.5' All PostgreSQL 9.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.6.17:9.6' All PostgreSQL 10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-10.12:10' All PostgreSQL 11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-11.7:11' All PostgreSQL 12.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-12.2:12'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:postgresql"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/26"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-db/postgresql", unaffected:make_list("ge 9.4.26", "ge 9.5.21", "ge 9.6.17", "ge 10.12", "ge 11.7", "ge 12.2"), vulnerable:make_list("lt 9.4.26", "lt 9.5.21", "lt 9.6.17", "lt 10.12", "lt 11.7", "lt 12.2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PostgreSQL"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0715-1.NASL description This update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-01 modified 2020-03-19 plugin id 134698 published 2020-03-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134698 title SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2020:0715-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4623.NASL description Tom Lane discovered that last seen 2020-04-01 modified 2020-02-14 plugin id 133700 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133700 title Debian DSA-4623-1 : postgresql-11 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0589-1.NASL description This update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-01 modified 2020-03-06 plugin id 134296 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134296 title SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2020:0589-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0287_POSTGRESQL.NASL description An update of the postgresql package has been released. last seen 2020-04-22 modified 2020-04-15 plugin id 135486 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135486 title Photon OS 1.0: Postgresql PHSA-2020-1.0-0287 NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2105.NASL description Tom Lane discovered that last seen 2020-04-01 modified 2020-02-18 plugin id 133729 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133729 title Debian DLA-2105-1 : postgresql-9.4 security update NASL family Databases NASL id POSTGRESQL_20200213.NASL description The version of PostgreSQL installed on the remote host is 9.6 prior to 9.6.17, 10 prior to 10.12, 11 prior to 11.7, or 12 prior to 12.2. As such, it is potentially affected by a vulnerability : - ALTER ... DEPENDS ON EXTENSION is missing authorization checks. (CVE-2020-1720) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-01 modified 2020-02-25 plugin id 133966 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133966 title PostgreSQL 9.6.x < 9.6.17 / 10.x < 10.12 / 11.x < 11.7 / 12.x < 12.2 Missing Authorization NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0080_POSTGRESQL.NASL description An update of the postgresql package has been released. last seen 2020-04-30 modified 2020-04-21 plugin id 135793 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135793 title Photon OS 3.0: Postgresql PHSA-2020-3.0-0080 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1587.NASL description According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL last seen 2020-06-03 modified 2020-05-26 plugin id 136865 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136865 title EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-1587) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_D331F69171F411EA8BB56CC21735F730.NASL description The PostgreSQL project reports : Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION. last seen 2020-04-04 modified 2020-03-30 plugin id 135000 published 2020-03-30 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135000 title FreeBSD : PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks (d331f691-71f4-11ea-8bb5-6cc21735f730) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-331.NASL description This update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-04-01 modified 2020-03-11 plugin id 134397 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134397 title openSUSE Security Update : postgresql10 (openSUSE-2020-331) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4282-1.NASL description It was discovered that PostgreSQL incorrectly performed authorization checks when handling the last seen 2020-04-01 modified 2020-02-19 plugin id 133795 published 2020-02-19 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133795 title Ubuntu 18.04 LTS / 19.10 : postgresql-10, postgresql-11 vulnerability (USN-4282-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0752-1.NASL description This update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-01 modified 2020-03-24 plugin id 134855 published 2020-03-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134855 title SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2020:0752-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4622.NASL description Tom Lane discovered that last seen 2020-04-01 modified 2020-02-14 plugin id 133699 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133699 title Debian DSA-4622-1 : postgresql-9.6 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0586-1.NASL description This update for postgresql96 fixes the following issues : PostgreSQL was updated to version 9.6.17. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-01 modified 2020-03-06 plugin id 134295 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134295 title SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2020:0586-1)
Redhat
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720
- https://www.postgresql.org/about/news/2011/
- https://www.postgresql.org/about/news/2011/