Vulnerability CVE-2018-10915


Published: 2018-08-09

Description:
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Type:

CWE-20

(Improper Input Validation)

Vendor: Postgresql
Product: Postgresql 
Version:
9.6.9
9.6.8
9.6.7
9.6.6
9.6.5
9.6.4
9.6.3
9.6.2
9.6.1
9.6.0
9.5.9
9.5.8
9.5.7
9.5.6
9.5.5
9.5.4
9.5.3
9.5.2
9.5.11
9.5.10
9.5.1
9.5.0
9.4.9
9.4.8
9.4.7
9.4.6
9.4.5
9.4.4
9.4.3
9.4.2
9.4.16
9.4.15
9.4.14
9.4.13
9.4.12
9.4.11
9.4.10
9.4.1
9.4.0
9.3.9
9.3.8
9.3.7
9.3.6
9.3.5
9.3.4
9.3.3
9.3.22
9.3.21
9.3.20
9.3.2
9.3.19
9.3.18
9.3.17
9.3.16
9.3.15
9.3.14
9.3.13
9.3.12
9.3.11
9.3.10
9.3.1
9.3.0
10.4
10.3
10.2
10.1
10.0
Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Redhat
Product: Enterprise linux server eus 
Version: 7.5;
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Product: Virtualization 
Version: 4.0;
Product: Openstack 
Version: 13.0; 12.0;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.04
16.04
14.04

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/105054
http://www.securitytracker.com/id/1041446
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2557
https://access.redhat.com/errata/RHSA-2018:2565
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2721
https://access.redhat.com/errata/RHSA-2018:2729
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html
https://usn.ubuntu.com/3744-1/
https://www.debian.org/security/2018/dsa-4269
https://www.postgresql.org/about/news/1878/

Related CVE
CVE-2018-1000222
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerabil...
CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also ...
CVE-2018-6553
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-...
CVE-2018-7073
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2018-5390
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-14574
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2018-14883
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

Copyright 2018, cxsecurity.com

 

Back to Top