Описание
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
A vulnerability was found in PostgreSQL. A Race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser.
Отчет
Satellite PostgreSQL is pulled through a base layered OS product and/or appstream repository and it is not shipped through this offering. This TOCTOU race condition in pg_dump is a important severity issue because it enables a non-privileged database user to escalate their privileges and execute arbitrary SQL functions as the superuser, compromising the entire database system. The exploitation of this vulnerability is particularly dangerous due to the inherent privilege level associated with the pg_dump process, which typically operates with elevated rights to ensure comprehensive backups. The ease of exploitation—due to the trivial nature of winning the race condition by holding an open transaction—further amplifies the risk, making it a significant threat in environments running affected PostgreSQL versions.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | postgresql | Fixed | RHSA-2024:8495 | 28.10.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:5927 | 28.08.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:6000 | 29.08.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:6001 | 29.08.2024 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2024:6018 | 29.08.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | postgresql | Fixed | RHSA-2024:6138 | 03.09.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2024:6139 | 03.09.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | postgresql | Fixed | RHSA-2024:6557 | 10.09.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | postgresql | Fixed | RHSA-2024:6139 | 03.09.2024 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...
7.5 High
CVSS3