cnvd - cnvd-2018-05754

cnvd-2018-05754

Vulnerability from cnvd

Title: PostgreSQL文件读取漏洞

Description:

PostgreSQL是PostgreSQL开发组所研发的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性，例如外键、触发器、视图等。

PostgreSQL中存在安全漏洞。攻击者可利用该漏洞读取或更改文件。

Severity: 低

Patch Name: PostgreSQL文件读取漏洞的补丁

Patch Description:

PostgreSQL中存在安全漏洞。攻击者可利用该漏洞读取或更改文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.postgresql.org/about/news/1829/

Reference: https://www.postgresql.org/about/news/1829/ https://www.securityfocus.com/bid/102986

Impacted products

Name
['PostgreSQL Postgresql 9.3.，<9.3.21', 'PostgreSQL Postgresql 9.4.，<9.4.16', 'PostgreSQL Postgresql 9.5.，<9.5.11', 'PostgreSQL Postgresql 9.6.，<9.6.7', 'PostgreSQL Postgresql 10.*，<10.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102986"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1053"
    }
  },
  "description": "PostgreSQL\u662fPostgreSQL\u5f00\u53d1\u7ec4\u6240\u7814\u53d1\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u5927\u90e8\u5206SQL\u6807\u51c6\u5e76\u4e14\u63d0\u4f9b\u4e86\u8bb8\u591a\u5176\u4ed6\u7279\u6027\uff0c\u4f8b\u5982\u5916\u952e\u3001\u89e6\u53d1\u5668\u3001\u89c6\u56fe\u7b49\u3002\r\n\r\nPostgreSQL\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u66f4\u6539\u6587\u4ef6\u3002",
  "discovererName": "Tom Lane",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.postgresql.org/about/news/1829/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05754",
  "openTime": "2018-03-20",
  "patchDescription": "PostgreSQL\u662fPostgreSQL\u5f00\u53d1\u7ec4\u6240\u7814\u53d1\u7684\u4e00\u5957\u81ea\u7531\u7684\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u5927\u90e8\u5206SQL\u6807\u51c6\u5e76\u4e14\u63d0\u4f9b\u4e86\u8bb8\u591a\u5176\u4ed6\u7279\u6027\uff0c\u4f8b\u5982\u5916\u952e\u3001\u89e6\u53d1\u5668\u3001\u89c6\u56fe\u7b49\u3002\r\n\r\nPostgreSQL\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u66f4\u6539\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PostgreSQL\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PostgreSQL Postgresql 9.3.*\uff0c\u003c9.3.21",
      "PostgreSQL Postgresql 9.4.*\uff0c\u003c9.4.16",
      "PostgreSQL Postgresql 9.5.*\uff0c\u003c9.5.11",
      "PostgreSQL Postgresql 9.6.*\uff0c\u003c9.6.7",
      "PostgreSQL Postgresql 10.*\uff0c\u003c10.2"
    ]
  },
  "referenceLink": "https://www.postgresql.org/about/news/1829/\r\nhttps://www.securityfocus.com/bid/102986",
  "serverity": "\u4f4e",
  "submitTime": "2018-02-26",
  "title": "PostgreSQL\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2018-1053 (GCVE-0-2018-1053)

Vulnerability from cvelistv5

Published

2018-02-09 14:00

Modified

2024-09-17 04:20

Severity ?

CWE

CWE-377

Summary

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.

References

▼	URL	Tags
	https://www.postgresql.org/about/news/1829/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2511	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2566	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3816	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/102986	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3564-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	The PostgreSQL Global Development Group	postgresql	Version: 9.3.x before 9.3.21 Version: 9.4.x before 9.4.16 Version: 9.5.x before 9.5.11 Version: 9.6.x before 9.6.7 Version: 10.x before 10.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1829/"
          },
          {
            "name": "RHSA-2018:2511",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2511"
          },
          {
            "name": "[debian-lts-announce] 20180207 [SECURITY] [DLA-1271-1] postgresql-9.1 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html"
          },
          {
            "name": "RHSA-2018:2566",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2566"
          },
          {
            "name": "RHSA-2018:3816",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3816"
          },
          {
            "name": "102986",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102986"
          },
          {
            "name": "USN-3564-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3564-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "postgresql",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.x before 9.3.21"
            },
            {
              "status": "affected",
              "version": "9.4.x before 9.4.16"
            },
            {
              "status": "affected",
              "version": "9.5.x before 9.5.11"
            },
            {
              "status": "affected",
              "version": "9.6.x before 9.6.7"
            },
            {
              "status": "affected",
              "version": "10.x before 10.2"
            }
          ]
        }
      ],
      "datePublic": "2018-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "CWE-377",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-14T10:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1829/"
        },
        {
          "name": "RHSA-2018:2511",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2511"
        },
        {
          "name": "[debian-lts-announce] 20180207 [SECURITY] [DLA-1271-1] postgresql-9.1 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html"
        },
        {
          "name": "RHSA-2018:2566",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2566"
        },
        {
          "name": "RHSA-2018:3816",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3816"
        },
        {
          "name": "102986",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102986"
        },
        {
          "name": "USN-3564-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3564-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2018-02-08T00:00:00",
          "ID": "CVE-2018-1053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "postgresql",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3.x before 9.3.21"
                          },
                          {
                            "version_value": "9.4.x before 9.4.16"
                          },
                          {
                            "version_value": "9.5.x before 9.5.11"
                          },
                          {
                            "version_value": "9.6.x before 9.6.7"
                          },
                          {
                            "version_value": "10.x before 10.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-377"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.postgresql.org/about/news/1829/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1829/"
            },
            {
              "name": "RHSA-2018:2511",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2511"
            },
            {
              "name": "[debian-lts-announce] 20180207 [SECURITY] [DLA-1271-1] postgresql-9.1 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00006.html"
            },
            {
              "name": "RHSA-2018:2566",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2566"
            },
            {
              "name": "RHSA-2018:3816",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3816"
            },
            {
              "name": "102986",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102986"
            },
            {
              "name": "USN-3564-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3564-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1053",
    "datePublished": "2018-02-09T14:00:00Z",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-09-17T04:20:15.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted