FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)

Nessus Plugin ID 22208 (Severity: High)

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The PostgreSQL development team reports:

An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding.

The widely-used practice of escaping the ASCII single quote (') by turning it into (\') is unsafe when operating in multibyte encodings that allow 0x5c (ASCII code for backslash) as the trailing byte of a multibyte character; this includes at least SJIS, BIG5, GBK, GB18030, and UHC. An application that uses this conversion while embedding untrusted strings in SQL commands is vulnerable to SQL-injection attacks if it communicates with the server in one of these encodings.

While the standard client libraries used with PostgreSQL have escaped (') in the safe, SQL-standard way of ('') for some time, the older practice remains common.
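As an added illustration (not code from the Nessus plugin or from PostgreSQL), the following Python models the two stages the report describes: a lenient encoding converter grouping bytes into characters under Shift_JIS lead/trail byte ranges, then a lexer walking the quoted literal. All function names and the sample input are constructed for this example; it shows why the backslash conversion lets user data close the literal early while SQL-standard doubling does not.

```python
# Added example (not Nessus's or PostgreSQL's code); byte ranges are Shift_JIS's.
def is_lead(b: int) -> bool:
    """First byte of a two-byte SJIS character."""
    return 0x81 <= b <= 0x9F or 0xE0 <= b <= 0xFC

def is_trail(b: int) -> bool:
    """Second byte of a two-byte SJIS character: 0x5C (\\) is valid, 0x27 (') is not."""
    return 0x40 <= b <= 0x7E or 0x80 <= b <= 0xFC

def sjis_chars(data: bytes) -> list:
    """Group bytes as a lenient (pre-fix) converter would: lead + valid trail is one char."""
    out, i = [], 0
    while i < len(data):
        if is_lead(data[i]) and i + 1 < len(data) and is_trail(data[i + 1]):
            out.append(data[i:i + 2])
            i += 2
        else:
            out.append(data[i:i + 1])
            i += 1
    return out

def escape_backslash(s: bytes) -> bytes:
    """The unsafe, widely used conversion: ' becomes \\'."""
    return s.replace(b"'", b"\\'")

def escape_sql_standard(s: bytes) -> bytes:
    """The SQL-standard conversion: ' becomes ''."""
    return s.replace(b"'", b"''")

def build_literal(user_input: bytes, escape) -> bytes:
    return b"'" + escape(user_input) + b"'"

def literal_intact(literal: bytes) -> bool:
    """Lex the literal char by char (backslash escapes the next char, '' is a doubled
    quote). True iff the closing quote is the last char, i.e. user data never ended it."""
    chars = sjis_chars(literal)
    i = 1
    while i < len(chars):
        if chars[i] == b"\\":
            i += 2
        elif chars[i] == b"'":
            if i + 1 < len(chars) and chars[i + 1] == b"'":
                i += 2
            else:
                return i == len(chars) - 1
        else:
            i += 1
    return False

# Constructed input: an SJIS lead byte immediately followed by a quote.
USER_INPUT = b"\x95' abc"
```

With the backslash conversion the inserted 0x5c is absorbed as the trail byte of 0x95, leaving the quote unescaped; with doubling, 0x27 is not a valid trail byte, so the lead byte stands alone and the doubled quote survives.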

Solution

Update the affected packages.

See Also

https://www.postgresql.org/docs/techdocs.50/

http://www.nessus.org/u?cc38503d

Plugin Details

Severity: High

ID: 22208

File Name: freebsd_pkg_17f53c1d2ae911dba6e2000e0c2e438a.nasl

Version: 1.18

Type: local

Published: 8/14/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ja-postgresql, p-cpe:/a:freebsd:freebsd:postgresql, p-cpe:/a:freebsd:freebsd:postgresql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2006

Vulnerability Publication Date: 5/11/2006

Reference Information

CVE: CVE-2006-2313, CVE-2006-2314

BID: 18092