USN71-1 : postgresql vulnerability
|
|
Article ID: 20692
Last updated: 27 Jan, 2009
|
|
|
|
Views: 159
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
USN71-1 : postgresql vulnerability |
|
| Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Tenable Network Security, Inc. |
|
|
| Family | Ubuntu Local Security Checks |
| Plugin ID | 20692 |
| Bugtraq ID |
|
| CVE ID |
|
|
| Description: |
Synopsis :
These remote packages are missing security patches :
- libecpg-dev
- libecpg4
- libpgtcl
- libpgtcl-dev
- libpq3
- postgresql
- postgresql-client
- postgresql-contrib
- postgresql-dev
- postgresql-doc
Description :
John Heasman discovered a local privilege escalation in the PostgreSQL
server. Any user could use the LOAD extension to load any shared
library into the PostgreSQL server
the librarys initialisation
function was then executed with the permissions of the server.
Now the use of LOAD is restricted to the database superuser (usually
postgres).
Note: Since there is no way for normal database users to create
arbitrary files, this vulnerability is not exploitable remotely, e. g.
by uploading a shared library in the form of a Binary Large Object
(BLOB) to a public web server.
Solution :
Upgrade to :
- libecpg-dev-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- libecpg4-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- libpgtcl-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- libpgtcl-dev-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- libpq3-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- postgresql-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- postgresql-client-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- postgresql-contrib-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- postgresql-dev-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
- postgresql-doc-7.4.5-3ubuntu0.2 (Ubuntu 4.10)
Risk factor : High
|
|
