Описание
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Affected | ||
| CloudForms Management Engine 5 | postgresql92-postgresql | Affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Will not fix | ||
| Red Hat Enterprise Linux 6 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2016:2606 | 03.11.2016 |
| Red Hat Satellite 5.7 | rh-postgresql95 | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | rh-postgresql95-postgresql | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | spacewalk-backend | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | spacewalk-postgresql-server | Fixed | RHSA-2017:2425 | 07.08.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
6 Medium
CVSS2
Связанные уязвимости
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9. ...
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
EPSS
7.6 High
CVSS3
6 Medium
CVSS2