CVSS: 7.6EPSS: 0%CPEs: 47EXPL: 0CVE-2016-5424 – postgresql: privilege escalation via crafted database and role names
https://notcve.org/view.php?id=CVE-2016-5424
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. PostgreSQL en versiones anteriores a 9.1.23, 9.2.x en versiones anteriores a 9.2.18, 9.3.x en versiones anteriores a 9.3.14, 9.4.x en versiones anteriores a 9.4.9 y 9.5.x en versiones anteriores a 9.5.4 podrían permitir a usuarios remotos autenticados con el rol CREATEDB o CREATEROLE obtener privilegios de superusuario a través de un carácter (1) " (comillas dobles), (2) \ (barra invertida), (3) retorno de carro o (4) nueva linea en (a) una base de datos o (b) el nombre del rol que se maneja incorrectamente durante una operación administrativa. A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. • http://rhn.redhat.com/errata/RHSA-2016-1781.html http://rhn.redhat.com/errata/RHSA-2016-1820.html http://rhn.redhat.com/errata/RHSA-2016-1821.html http://rhn.redhat.com/errata/RHSA-2016-2606.html http://www.debian.org/security/2016/dsa-3646 http://www.securityfocus.com/bid/92435 http://www.securitytracker.com/id/1036617 https://access.redhat.com/errata/RHSA-2017:2425 https://security.gentoo.org/glsa/201701-33 https://www.postgresql.org/about/news/1688 https: • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2193
https://notcve.org/view.php?id=CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role. PostgreSQL en versiones anteriores a 9.5.x en versiones anteriores a 9.5.2 no mantiene correctamente el estado de seguridad en fila en planos cacheados, lo que podría permitir a atacantes eludir las restricciones destinadas al acceso aprovechando una sesión que realiza consultas como más de un rol. • http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b http://www.postgresql.org/about/news/1656 http://www.postgresql.org/docs/current/static/release-9-5-2.html http://www.securitytracker.com/id/1035468 • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3065
https://notcve.org/view.php?id=CVE-2016-3065
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. Las funciones (1) brin_page_type y (2) brin_metapage_info en la extensión pageinspect en PostgreSQL en versiones anteriores a 9.5.x en versiones anteriores a 9.5.2 permite a atacantes eludir las restricciones destinadas al acceso y consecuentemente obtener información sensible de la memoria del servidor o provocar una denegación de servicio (caída de servidor) a través de un valor bytea manipulado en una página índice BRIN. • http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f http://www.postgresql.org/about/news/1656 http://www.postgresql.org/docs/current/static/release-9-5-2.html http://www.securitytracker.com/id/1035468 • CWE-264: Permissions, Privileges, and Access Controls •