ID CVE-2018-10915
Summary A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_96EAB8749C7911E8B34B6CC21735F730.NASL
    description The PostgreSQL project reports : CVE-2018-10915: Certain host connection parameters defeat client-side security defenses libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variables when attempting to reconnect. In particular, the state variable that determined whether or not a password is needed for a connection would not be reset, which could allow users of features requiring libpq, such as the 'dblink' or 'postgres_fdw' extensions, to login to servers they should not be able to access. CVE-2018-10925: Memory disclosure and missing authorization in `INSERT ... ON CONFLICT DO UPDATE` An attacker able to issue CREATE TABLE can read arbitrary bytes of server memory using an upsert (`INSERT ... ON CONFLICT DO UPDATE`) query. By default, any user can exploit that. A user that has specific INSERT privileges and an UPDATE privilege on at least one column in a given table can also update other columns using a view and an upsert query.
    last seen 2018-08-15
    modified 2018-08-13
    plugin id 111656
    published 2018-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111656
    title FreeBSD : PostgreSQL -- two vulnerabilities (96eab874-9c79-11e8-b34b-6cc21735f730)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D8F5AEA89D.NASL
    description update to 9.6.10, CVE-2018-10915 CVE-2018-10925 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-17
    modified 2018-08-16
    plugin id 111770
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111770
    title Fedora 27 : postgresql (2018-d8f5aea89d)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4269.NASL
    description Two vulnerabilities have been found in the PostgreSQL database system : - CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. - CVE-2018-10925 It was discovered that some 'CREATE TABLE' statements could disclose server memory. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1878/
    last seen 2018-08-15
    modified 2018-08-13
    plugin id 111653
    published 2018-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111653
    title Debian DSA-4269-1 : postgresql-9.6 - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1464.NASL
    description An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other attacks such as SQL injection into a postgres_fdw session are also possible. Attacking postgres_fdw in this way requires the ability to create a foreign server object with selected connection parameters, but any user with access to dblink could exploit the problem. In general, an attacker with the ability to select the connection parameters for a libpq-using application could cause mischief, though other plausible attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. For Debian 8 'Jessie', this problem has been fixed in version 9.4.19-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-17
    modified 2018-08-16
    plugin id 111762
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111762
    title Debian DLA-1464-1 : postgresql-9.4 security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3744-1.NASL
    description Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915) It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-18
    modified 2018-08-17
    plugin id 111844
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111844
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3744-1)
  • NASL family Databases
    NASL id POSTGRESQL_20180809.NASL
    description The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.24, 9.4.x prior to 9.4.19, 9.5.x prior to 9.5.14, 9.6.x prior to 9.6.10, or 10.x prior to 10.5. It is, therefore, affected by multiple vulnerabilities.
    last seen 2018-08-18
    modified 2018-08-17
    plugin id 111966
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111966
    title PostgreSQL 9.3.x < 9.3.24 / 9.4.x < 9.4.19 / 9.5.x < 9.5.14 / 9.6.x < 9.6.10 / 10.x < 10.5 Multiple Vulnerabilities
refmap via4
bid 105054
confirm
debian DSA-4269
mlist [debian-lts-announce] 20180815 [SECURITY] [DLA 1464-1] postgresql-9.4 security update
sectrack 1041446
ubuntu USN-3744-1
Last major update 09-08-2018 - 16:29
Published 09-08-2018 - 16:29
Last modified 17-08-2018 - 06:29
Back to Top