Описание
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to create a malicious trigger that, when dumped and restored, would result in additional SQL statements being executed.
Отчет
This issue did not affect the versions of postgresql as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for triggers with referecing syntax, which was included in a later version of the program.
It also doesn't affect the versions of postgresql shipped with CloudForms 4.2, 4.5 and 4.6, and Satellite 5, for the same reason as above.
This issue did not affect the versions of postgresql shipped within Tower, as there is no code path for Tower users to call the CREATE statement.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql96 | Not affected | ||
| Red Hat Ansible Tower 3 | postgresql96-libs | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 8 | libpq | Not affected | ||
| Red Hat Enterprise Linux 8 | postgresql | Not affected | ||
| Red Hat Satellite 5 | rh-postgresql95-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql95-postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql96-postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
8 High
CVSS3
Связанные уязвимости
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL inject ...
EPSS
8 High
CVSS3