Vulnerability CVE-2018-10925


Published: 2018-08-09

Description:
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

Type:

CWE-285

(Improper Authorization)

Vendor: Postgresql
Product: Postgresql 
Version:
9.6.9
9.6.8
9.6.7
9.6.6
9.6.5
9.6.4
9.6.3
9.6.2
9.6.1
9.6.0
9.5.9
9.5.8
9.5.7
9.5.6
9.5.5
9.5.4
9.5.3
9.5.2
9.5.11
9.5.10
9.5.1
9.5.0
9.4.9
9.4.8
9.4.7
9.4.6
9.4.5
9.4.4
9.4.3
9.4.2
9.4.16
9.4.15
9.4.14
9.4.13
9.4.12
9.4.11
9.4.10
9.4.1
9.4.0
9.3.9
9.3.8
9.3.7
9.3.6
9.3.5
9.3.4
9.3.3
9.3.22
9.3.21
9.3.20
9.3.2
9.3.19
9.3.18
9.3.17
9.3.16
9.3.15
9.3.14
9.3.13
9.3.12
9.3.11
9.3.10
9.3.1
9.3.0
10.4
10.3
10.2
10.1
10.0
Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.04
16.04
14.04

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.securityfocus.com/bid/105052
http://www.securitytracker.com/id/1041446
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2565
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:3816
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925
https://security.gentoo.org/glsa/201810-08
https://usn.ubuntu.com/3744-1/
https://www.debian.org/security/2018/dsa-4269
https://www.postgresql.org/about/news/1878/

Related CVE
CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly i...
CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-0816
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...
CVE-2018-3979
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can...
CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Copyright 2019, cxsecurity.com

 

Back to Top