Описание
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
A flaw was found in PostgreSQL PL/Perl. This vulnerability allows an unprivileged database user to change sensitive process environment variables (e.g., PATH) via incorrect control of environment variables.
Отчет
This vulnerability has been given a severity rating of important because the ability to modify sensitive process environment variables (ex. PATH) can lead to unauthorized code execution and privilege escalation. Depending on the privileges of the PostgreSQL user, an attacker may be able to gain higher-level access to the underlying server and create functions who modify environment variables and execute arbitrary commands.
Меры по смягчению последствий
Currently the following options exist to help mitigate the impact of this vulnerability:
- Restrict Permissions: the creation of PL/Python and PL/Perl functions should be limited to trusted users only.
- Environment Variable Sanitization: ensure that environment variables are properly sanitized and any modifications are restricted.
- Upgrade PostgreSQL: if a fix is released by the PostgreSQL Global Development Group, update to the latest version.
- Audit Database Functions: perform regular audits on user-created functions to detect and prevent potential exploitation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | postgresql | Fixed | RHSA-2024:10882 | 09.12.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:10785 | 04.12.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:10830 | 05.12.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:10831 | 05.12.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:10832 | 05.12.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | postgresql | Fixed | RHSA-2024:10739 | 03.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2024:10789 | 04.12.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2024:10846 | 05.12.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | postgresql | Fixed | RHSA-2024:10789 | 04.12.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Incorrect control of environment variables in PostgreSQL PL/Perl allow ...
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
EPSS
8.8 High
CVSS3