Vulnerabilities > CVE-2020-1720 - Missing Authorization vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
postgresql
redhat
CWE-862
nessus

Summary

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-03 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-13
    plugin id134470
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134470
    titleGLSA-202003-03 : PostgreSQL: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-03.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134470);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18");
    
      script_cve_id("CVE-2019-10129", "CVE-2019-10130", "CVE-2019-10164", "CVE-2020-1720");
      script_xref(name:"GLSA", value:"202003-03");
    
      script_name(english:"GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-03
    (PostgreSQL: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in PostgreSQL. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process, bypass certain client-side connection security
          features, read arbitrary server memory, alter certain data or cause a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PostgreSQL 9.4.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.4.26:9.4'
        All PostgreSQL 9.5.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.5.21:9.5'
        All PostgreSQL 9.6.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-9.6.17:9.6'
        All PostgreSQL 10.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-10.12:10'
        All PostgreSQL 11.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-11.7:11'
        All PostgreSQL 12.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-db/postgresql-12.2:12'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-db/postgresql", unaffected:make_list("ge 9.4.26", "ge 9.5.21", "ge 9.6.17", "ge 10.12", "ge 11.7", "ge 12.2"), vulnerable:make_list("lt 9.4.26", "lt 9.5.21", "lt 9.6.17", "lt 10.12", "lt 11.7", "lt 12.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PostgreSQL");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0715-1.NASL
    descriptionThis update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-01
    modified2020-03-19
    plugin id134698
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134698
    titleSUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2020:0715-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4623.NASL
    descriptionTom Lane discovered that
    last seen2020-04-01
    modified2020-02-14
    plugin id133700
    published2020-02-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133700
    titleDebian DSA-4623-1 : postgresql-11 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0589-1.NASL
    descriptionThis update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-01
    modified2020-03-06
    plugin id134296
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134296
    titleSUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2020:0589-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0287_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-04-22
    modified2020-04-15
    plugin id135486
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135486
    titlePhoton OS 1.0: Postgresql PHSA-2020-1.0-0287
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2105.NASL
    descriptionTom Lane discovered that
    last seen2020-04-01
    modified2020-02-18
    plugin id133729
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133729
    titleDebian DLA-2105-1 : postgresql-9.4 security update
  • NASL familyDatabases
    NASL idPOSTGRESQL_20200213.NASL
    descriptionThe version of PostgreSQL installed on the remote host is 9.6 prior to 9.6.17, 10 prior to 10.12, 11 prior to 11.7, or 12 prior to 12.2. As such, it is potentially affected by a vulnerability : - ALTER ... DEPENDS ON EXTENSION is missing authorization checks. (CVE-2020-1720) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-01
    modified2020-02-25
    plugin id133966
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133966
    titlePostgreSQL 9.6.x < 9.6.17 / 10.x < 10.12 / 11.x < 11.7 / 12.x < 12.2 Missing Authorization
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0080_POSTGRESQL.NASL
    descriptionAn update of the postgresql package has been released.
    last seen2020-04-30
    modified2020-04-21
    plugin id135793
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135793
    titlePhoton OS 3.0: Postgresql PHSA-2020-3.0-0080
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1587.NASL
    descriptionAccording to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in PostgreSQL
    last seen2020-06-03
    modified2020-05-26
    plugin id136865
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136865
    titleEulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-1587)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D331F69171F411EA8BB56CC21735F730.NASL
    descriptionThe PostgreSQL project reports : Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.
    last seen2020-04-04
    modified2020-03-30
    plugin id135000
    published2020-03-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135000
    titleFreeBSD : PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks (d331f691-71f4-11ea-8bb5-6cc21735f730)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-331.NASL
    descriptionThis update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-04-01
    modified2020-03-11
    plugin id134397
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134397
    titleopenSUSE Security Update : postgresql10 (openSUSE-2020-331)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4282-1.NASL
    descriptionIt was discovered that PostgreSQL incorrectly performed authorization checks when handling the
    last seen2020-04-01
    modified2020-02-19
    plugin id133795
    published2020-02-19
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133795
    titleUbuntu 18.04 LTS / 19.10 : postgresql-10, postgresql-11 vulnerability (USN-4282-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0752-1.NASL
    descriptionThis update for postgresql10 fixes the following issues : PostgreSQL was updated to version 10.12. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-01
    modified2020-03-24
    plugin id134855
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134855
    titleSUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2020:0752-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4622.NASL
    descriptionTom Lane discovered that
    last seen2020-04-01
    modified2020-02-14
    plugin id133699
    published2020-02-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133699
    titleDebian DSA-4622-1 : postgresql-9.6 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0586-1.NASL
    descriptionThis update for postgresql96 fixes the following issues : PostgreSQL was updated to version 9.6.17. Security issue fixed : CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-01
    modified2020-03-06
    plugin id134295
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134295
    titleSUSE SLES12 Security Update : postgresql96 (SUSE-SU-2020:0586-1)

Redhat

rpms
  • rh-postgresql10-postgresql-0:10.12-2.el7
  • rh-postgresql10-postgresql-contrib-0:10.12-2.el7
  • rh-postgresql10-postgresql-contrib-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-debuginfo-0:10.12-2.el7
  • rh-postgresql10-postgresql-devel-0:10.12-2.el7
  • rh-postgresql10-postgresql-docs-0:10.12-2.el7
  • rh-postgresql10-postgresql-libs-0:10.12-2.el7
  • rh-postgresql10-postgresql-plperl-0:10.12-2.el7
  • rh-postgresql10-postgresql-plpython-0:10.12-2.el7
  • rh-postgresql10-postgresql-pltcl-0:10.12-2.el7
  • rh-postgresql10-postgresql-server-0:10.12-2.el7
  • rh-postgresql10-postgresql-server-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-static-0:10.12-2.el7
  • rh-postgresql10-postgresql-syspaths-0:10.12-2.el7
  • rh-postgresql10-postgresql-test-0:10.12-2.el7