CVE-2018-10925

MEDIUM

Description

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

References

http://www.securityfocus.com/bid/105052

http://www.securitytracker.com/id/1041446

https://access.redhat.com/errata/RHSA-2018:2511

https://access.redhat.com/errata/RHSA-2018:2565

https://access.redhat.com/errata/RHSA-2018:2566

https://access.redhat.com/errata/RHSA-2018:3816

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925

https://security.gentoo.org/glsa/201810-08

https://usn.ubuntu.com/3744-1/

https://www.debian.org/security/2018/dsa-4269

https://www.postgresql.org/about/news/1878/

Details

Source: MITRE

Published: 2018-08-09

Updated: 2019-10-03

Type: CWE-863

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (20 total)

ID	Name	Product	Family	Severity
123286	openSUSE Security Update : postgresql10 (openSUSE-2019-659)	Nessus	SuSE Local Security Checks	medium
121988	Photon OS 2.0: Postgresql PHSA-2018-2.0-0087	Nessus	PhotonOS Local Security Checks	medium
121879	Photon OS 1.0: Postgresql PHSA-2018-1.0-0178	Nessus	PhotonOS Local Security Checks	medium
120455	Fedora 28 : postgresql (2018-5d1f7bd2d7)	Nessus	Fedora Local Security Checks	medium
120090	SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2018:2564-1)	Nessus	SuSE Local Security Checks	medium
119478	Amazon Linux AMI : postgresql96 (ALAS-2018-1119)	Nessus	Amazon Linux Local Security Checks	medium
119477	Amazon Linux AMI : postgresql95 (ALAS-2018-1118)	Nessus	Amazon Linux Local Security Checks	medium
118508	GLSA-201810-08 : PostgreSQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
118448	openSUSE Security Update : postgresql96 (openSUSE-2018-1278)	Nessus	SuSE Local Security Checks	medium
118387	SUSE SLED12 / SLES12 Security Update : postgresql96 (SUSE-SU-2018:3377-1)	Nessus	SuSE Local Security Checks	medium
117603	Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2018-1079)	Nessus	Amazon Linux Local Security Checks	medium
117346	Amazon Linux AMI : postgresql96 (ALAS-2018-1074)	Nessus	Amazon Linux Local Security Checks	medium
112269	openSUSE Security Update : postgresql10 (openSUSE-2018-955)	Nessus	SuSE Local Security Checks	medium
112221	Photon OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated)	Nessus	PhotonOS Local Security Checks	medium
112220	Photon OS 2.0: Krb5 / Postgresql PHSA-2018-2.0-0087 (deprecated)	Nessus	PhotonOS Local Security Checks	medium
111966	PostgreSQL 9.3.x < 9.3.24 / 9.4.x < 9.4.19 / 9.5.x < 9.5.14 / 9.6.x < 9.6.10 / 10.x < 10.5 Multiple Vulnerabilities	Nessus	Databases	medium
111844	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : postgresql-10, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3744-1)	Nessus	Ubuntu Local Security Checks	medium
111770	Fedora 27 : postgresql (2018-d8f5aea89d)	Nessus	Fedora Local Security Checks	medium
111656	FreeBSD : PostgreSQL -- two vulnerabilities (96eab874-9c79-11e8-b34b-6cc21735f730)	Nessus	FreeBSD Local Security Checks	medium
111653	Debian DSA-4269-1 : postgresql-9.6 - security update	Nessus	Debian Local Security Checks	medium