Vulnerability CVE-2018-10915

Published: 2018-08-09

Description:
A vulnerability was found in libpq, the default PostgreSQL client library: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters taken from untrusted input, an attacker could bypass client-side connection security features, obtain access to higher-privileged connections, or potentially cause other impact through SQL injection by causing the PQescape*() family of functions (PQescapeStringConn(), PQescapeLiteral() and related functions, whose output depends on connection state) to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected; those releases contain the fix.
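
The following is an added example, not code from this advisory or from the PostgreSQL project. It shows the two checks a deploying team would want from the description above: deciding, from the integer that libpq's PQlibVersion() returns (documented format, e.g. 100005 for 10.5 and 90610 for 9.6.10), whether the build is at or past the fixed releases named above, and refusing "host"/"hostaddr" values that come from untrusted input unless they exactly match an application allowlist. It does not link against libpq, so the version integer is passed in rather than obtained from PQlibVersion(); the allowlist entries and the hostname-length bound are constructed for the example.

```c
/* Added example for CVE-2018-10915 (not libpq or PostgreSQL source).
 * 1) libpq_version_is_fixed(): compare a PQlibVersion()-style integer
 *    against the first fixed release of each branch in the advisory.
 * 2) host_param_is_allowed(): allowlist filter for "host"/"hostaddr"
 *    values that originate from untrusted input. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <ctype.h>

/* First fixed release of each branch listed in the advisory, in the
 * numbering PQlibVersion() uses: 10.5 -> 100005, 9.6.10 -> 90610. */
static const int fixed_versions[] = {
    100005,  /* 10.5   */
    90610,   /* 9.6.10 */
    90514,   /* 9.5.14 */
    90419,   /* 9.4.19 */
    90324,   /* 9.3.24 */
};

/* Branch key: 10.x -> 10, 11.x -> 11; 9.x.y -> 90x (e.g. 906 for 9.6). */
static int branch_of(int v)
{
    return v >= 100000 ? v / 10000 : v / 100;
}

/* True when a libpq reporting version v carries the fix: it is at or past
 * the fixed release of its branch, or belongs to a branch newer than 10,
 * which never shipped without the fix. Branches older than 9.3 were not
 * patched upstream and are treated as affected. */
bool libpq_version_is_fixed(int v)
{
    size_t n = sizeof fixed_versions / sizeof fixed_versions[0];
    for (size_t i = 0; i < n; i++) {
        if (branch_of(v) == branch_of(fixed_versions[i]))
            return v >= fixed_versions[i];
    }
    return v >= 110000;
}

/* Hosts this application is permitted to connect to (constructed list). */
static const char *const allowed_hosts[] = {
    "db1.internal", "db2.internal", "10.0.5.20",
};

/* True only if value, a candidate "host" or "hostaddr" parameter, is a
 * single allowlisted entry. The exact-match test alone would reject the
 * dangerous characters; the explicit scan documents why they matter:
 * libpq 10+ treats a comma as a multi-host separator (an extra connection
 * attempt to a host of the attacker's choosing), and quotes, backslashes,
 * '=' and whitespace alter connection-string parsing. 253 is the assumed
 * maximum hostname length. */
bool host_param_is_allowed(const char *value)
{
    if (value == NULL || *value == '\0' || strlen(value) > 253)
        return false;
    for (const char *p = value; *p; p++) {
        if (*p == ',' || *p == '\'' || *p == '\\' || *p == '=' ||
            isspace((unsigned char)*p))
            return false;
    }
    size_t n = sizeof allowed_hosts / sizeof allowed_hosts[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(value, allowed_hosts[i]) == 0)
            return true;
    }
    return false;
}

int main(void)
{
    /* In a real client: int v = PQlibVersion(); these are sample values. */
    const int samples[] = { 100004, 100005, 90609, 90610, 90323, 90324, 110000, 90000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("libpq %6d: %s\n", samples[i],
               libpq_version_is_fixed(samples[i]) ? "fixed" : "AFFECTED");

    /* Constructed untrusted inputs, including a multi-host injection. */
    const char *inputs[] = {
        "db1.internal", "db1.internal,attacker.example", "attacker.example", "",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("host=\"%s\": %s\n", inputs[i],
               host_param_is_allowed(inputs[i]) ? "allowed" : "rejected");
    return 0;
}
```

The allowlist check removes the advisory's precondition (attacker-influenced host/hostaddr) regardless of libpq version, so it is worth keeping even after upgrading. The version check is only reliable for upstream builds: distribution packages may carry the fix under a version number below the upstream floor (the Red Hat errata in the references are vendor backports), so for those consult the package changelog rather than this function.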

Type: CWE-20 (Improper Input Validation)

Vendor: PostgreSQL
Product: PostgreSQL
Version:
10.0; 10.1; 10.2; 10.3; 10.4;
9.6.0; 9.6.1; 9.6.2; 9.6.3; 9.6.4; 9.6.5; 9.6.6; 9.6.7; 9.6.8; 9.6.9;
9.5.0; 9.5.1; 9.5.2; 9.5.3; 9.5.4; 9.5.5; 9.5.6; 9.5.7; 9.5.8; 9.5.9; 9.5.10; 9.5.11;
9.4.0; 9.4.1; 9.4.2; 9.4.3; 9.4.4; 9.4.5; 9.4.6; 9.4.7; 9.4.8; 9.4.9; 9.4.10; 9.4.11; 9.4.12; 9.4.13; 9.4.14; 9.4.15; 9.4.16;
9.3.0; 9.3.1; 9.3.2; 9.3.3; 9.3.4; 9.3.5; 9.3.6; 9.3.7; 9.3.8; 9.3.9; 9.3.10; 9.3.11; 9.3.12; 9.3.13; 9.3.14; 9.3.15; 9.3.16; 9.3.17; 9.3.18; 9.3.19; 9.3.20; 9.3.21; 9.3.22;
Vendor: Debian
Product: Debian Linux
Version: 9.0; 8.0;
Vendor: Red Hat
Product: Enterprise Linux Server EUS
Version: 7.5;
Product: Enterprise Linux Server
Version: 7.0;
Product: Enterprise Linux Workstation
Version: 7.0;
Product: Enterprise Linux Desktop
Version: 7.0;
Product: Virtualization
Version: 4.0;
Product: OpenStack
Version: 13.0; 12.0;
Vendor: Canonical
Product: Ubuntu Linux
Version: 18.04; 16.04; 14.04;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.securityfocus.com/bid/105054
http://www.securitytracker.com/id/1041446
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2557
https://access.redhat.com/errata/RHSA-2018:2565
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2721
https://access.redhat.com/errata/RHSA-2018:2729
https://access.redhat.com/errata/RHSA-2018:3816
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915
https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html
https://security.gentoo.org/glsa/201810-08
https://usn.ubuntu.com/3744-1/
https://www.debian.org/security/2018/dsa-4269
https://www.postgresql.org/about/news/1878/


Copyright 2019, cxsecurity.com
