CVE-2015-3166 – postgresql: unanticipated errors from the standard library
https://notcve.org/view.php?id=CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. La implementación de snprintf en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, no maneja apropiadamente los errores de llamadas al sistema , lo que permite a atacantes obtener información confidencial o tener otro impacto no especificado por medio de vectores desconocidos, como es demostrado por un error fuera de la memoria. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file. • http://ubuntu.com/usn/usn-2621-1 http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static/release-9-1-16.html http://www.postgresql.org/docs/9.2/static/release-9-2-11.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html http://www.postgresql.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVE-2015-3167 – postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
https://notcve.org/view.php?id=CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. contrib/pgcrypto en PostgreSQL versiones anteriores a 9.0.20, versiones 9.1.x anteriores a 9.1.16, versiones 9.2.x anteriores a 9.2.11, versiones 9.3.x anteriores a 9.3.7 y versiones 9.4.x anteriores a 9.4.2, utiliza diferentes respuestas de error cuando una clave incorrecta se usada, lo que facilita a atacantes obtener la clave por medio de un ataque de fuerza bruta. It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known. • http://ubuntu.com/usn/usn-2621-1 http://www.debian.org/security/2015/dsa-3269 http://www.debian.org/security/2015/dsa-3270 http://www.postgresql.org/about/news/1587 http://www.postgresql.org/docs/9.0/static/release-9-0-20.html http://www.postgresql.org/docs/9.1/static/release-9-1-16.html http://www.postgresql.org/docs/9.2/static/release-9-2-11.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html http://www.postgresql.org/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2015-0242
https://notcve.org/view.php?id=CVE-2015-0242
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. Un desbordamiento del búfer en la región stack de la memoria en las implementaciones de la función *printf en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, cuando se ejecuta sobre un sistema Windows, permite a usuarios autenticados remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un número de punto flotante con una gran precisión, como es demostrado por el uso de la función to_char. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html • CWE-787: Out-of-bounds Write •
CVE-2015-0244 – postgresql: loss of frontend/backend protocol synchronization after an error
https://notcve.org/view.php?id=CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, no maneja apropiadamente los errores al leer un mensaje de protocolo, lo que permite a atacantes remotos conducir ataques de inyección SQL por medio de datos binarios diseñados en un parámetro y causar un error, lo que desencadena la pérdida de sincronización y parte del mensaje del protocolo es tratado como un mensaje nuevo, como es demostrado al causar un tiempo de espera o la cancelación de la consulta. A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-300: Channel Accessible by Non-Endpoint •
CVE-2015-0241 – postgresql: buffer overflow in the to_char() function
https://notcve.org/view.php?id=CVE-2015-0241
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. La función to_char en PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permite a usuarios autenticados remotos causar una negación de servicio (bloqueo) o posiblemente ejecutar código arbitrario por medio de un (1) gran número de dígitos cuando se procesa una plantilla de formato numérico, que desencadena una lectura excesiva del búfer, o una (2) plantilla de formato de marca de tiempo, que desencadena un desbordamiento del búfer. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •