CVE-2015-0244 – postgresql: loss of frontend/backend protocol synchronization after an error

https://notcve.org/view.php?id=CVE-2015-0244

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, no maneja apropiadamente los errores al leer un mensaje de protocolo, lo que permite a atacantes remotos conducir ataques de inyección SQL por medio de datos binarios diseñados en un parámetro y causar un error, lo que desencadena la pérdida de sincronización y parte del mensaje del protocolo es tratado como un mensaje nuevo, como es demostrado al causar un tiempo de espera o la cancelación de la consulta. A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. • http://www.debian.org/security/2015/dsa-3155 http://www.postgresql.org/about/news/1569 http://www.postgresql.org/docs/9.4/static/release-9-4-1.html http://www.postgresql.org/docs/current/static/release-9-0-19.html http://www.postgresql.org/docs/current/static/release-9-1-15.html http://www.postgresql.org/docs/current/static/release-9-2-10.html http://www.postgresql.org/docs/current/static/release-9-3-6.html https://access.redhat.com/security/cve/CVE-2015& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-300: Channel Accessible by Non-Endpoint •