FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PostgreSQL development team reports :

An attacker able to submit crafted strings to an application that will
embed those strings in SQL commands can use invalidly-encoded
multibyte characters to bypass standard string-escaping methods,
resulting in possible injection of hostile SQL commands into the
database. The attacks covered here work in any multibyte encoding.

The widely-used practice of escaping ASCII single quote ''' by turning
it into '\'' is unsafe when operating in multibyte encodings that
allow 0x5c (ASCII code for backslash) as the trailing byte of a
multibyte character; this includes at least SJIS, BIG5, GBK, GB18030,
and UHC. An application that uses this conversion while embedding
untrusted strings in SQL commands is vulnerable to SQL-injection
attacks if it communicates with the server in one of these encodings.
While the standard client libraries used with PostgreSQL have escaped
''' in the safe, SQL-standard way of '''' for some time, the older
practice remains common.
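An added illustration (not the advisory's text or PostgreSQL's own code) of why the byte-wise '\'' escape fails under SJIS while the SQL-standard '''' does not. It models the server as converting the bytes from the client encoding before lexing the literal, assumes Python's shift_jis codec as a stand-in for that conversion, and uses a constructed input: a truncated lead byte followed by a quote.

```python
"""Added example, not part of the advisory or of PostgreSQL's own code.

The application escapes quotes byte-wise; the server converts the bytes from
the client encoding and only then lexes the literal. In SJIS (also BIG5, GBK,
GB18030, UHC) 0x5c can be the trailing byte of a multibyte character, so an
inserted backslash can be absorbed into the character before it. Python's
shift_jis codec stands in for the server-side conversion (an assumption).
"""

def escape_backslash(s: bytes) -> bytes:
    """Unsafe legacy practice: ' -> \\' applied to raw bytes."""
    return s.replace(b"'", b"\\'")

def escape_double(s: bytes) -> bytes:
    """SQL-standard practice: ' -> '' applied to raw bytes."""
    return s.replace(b"'", b"''")

def lex_literal(escaped: bytes, client_encoding: str) -> str:
    """Simulated server: strict client-to-server conversion, then a scan of
    the converted text for a quote that is neither doubled nor preceded by
    a backslash. Returns 'rejected' (invalid multibyte input, as a fixed
    server does), 'terminated' (a lone quote ends the literal early, which
    is the injection) or 'ok'."""
    try:
        text = escaped.decode(client_encoding)  # strict: no replacement
    except UnicodeDecodeError:
        return "rejected"
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                          # backslash escape, skip next
        elif text[i] == "'":
            if text[i + 1:i + 2] == "'":
                i += 2                      # doubled quote
            else:
                return "terminated"
        else:
            i += 1
    return "ok"

# Constructed inputs: an ordinary name, and a truncated SJIS lead byte
# (0x81 with no trailing byte) immediately followed by a quote.
BENIGN = b"O'Reilly"
TRUNCATED_LEAD_THEN_QUOTE = b"\x81'"

def compare(s: bytes, encoding: str = "shift_jis") -> dict:
    """Outcome of each escaping practice for one input."""
    return {"backslash": lex_literal(escape_backslash(s), encoding),
            "double": lex_literal(escape_double(s), encoding)}
```

For the truncated input, the backslash variant converts 0x81 0x5c into one character and leaves the quote exposed, while the doubled variant is refused as invalid SJIS by the conversion step.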

See also :

http://www.postgresql.org/docs/techdocs.50
http://www.nessus.org/u?1a6adc31

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22208 (freebsd_pkg_17f53c1d2ae911dba6e2000e0c2e438a.nasl)

Bugtraq ID: 18092

CVE ID: CVE-2006-2313
CVE-2006-2314
