Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS) |
|
| Category : | Security |
| Release Phase : | Resolved |
| Bug Id : | 6643754, 6643743
|
| Product : | Solaris 10 Operating System
|
| Date of Workaround Release : | 30-JAN-2008
|
| Date of Resolved Release : | 05-FEB-2008
|
Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS) (see details below)
1. Impact
Multiple security vulnerabilities affecting the PostgreSQL software shipped with Solaris 10 may allow a local or remote user who has access to the PostgreSQL server to cause a Denial of Service (DoS) to the PostgreSQL instance or the server it runs on (due to excessive resource consumption), or to gain elevated privileges on the server.
These issues are described in the following documents:
Official PostgreSQL annoucement: http://www.postgresql.org/about/news.905
CVE-2007-4769 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
CVE-2007-4772 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
CVE-2007-6067 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
CVE-2007-6600 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
CVE-2007-6601 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
CVE-2007-3278 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Solaris 10 PostgreSQL 8.1 without patch 123590-08
- Solaris 10 PostgreSQL 8.2 without patch 136998-02
x86 Platform
- Solaris 10 PostgreSQL 8.1 without patch 123591-08
- Solaris 10 PostgreSQL 8.2 without patch 136999-02
Notes:
- Solaris 8 and 9 do not ship with PostgreSQL and are not impacted by this issue.
- A user exploiting this vulnerability must have an account on the PostgreSQL server.
- This issue affects PostgreSQL versions 7.4.x prior to 7.4.19, 8.0.x prior to 8.0.15, 8.1.x prior to 8.1.11 and 8.2.x prior to 8.2.6.
- Only systems which have PostgreSQL installed and running are impacted by these issues.
- Both PostgreSQL 8.1 (SUNWpostgr) and 8.2 (packages beginning with SUNWpostgr-82) can be installed at the same time and are separately impacted by these vulnerabilities.
To determine if a version of PostgreSQL is installed, a command such as the following can be used:
$ pkginfo | grep SUNWpostgr
system SUNWpostgr PostgreSQL 8.1.9 client programs and libraries
system SUNWpostgr-82-client PostgreSQL 8.2 client tools
To determine if PostgreSQL is running on a server, a command such as the following can be run as the user 'postgres' (or the 'root' user):
for PostgreSQL 8.1:
$ pg_ctl status -D /var/lib/pgsql/data/
pg_ctl: neither postmaster nor postgres running
for PostgreSQL 8.2:
$ /usr/postgres/8.2/bin/pg_ctl status -D /var/postgres/8.2/data/
pg_ctl: server is running (PID: 395)
/usr/postgres/8.2/bin/postgres -D /var/postgres/8.2/data
or (where applicable):
$ svcs postgresql
STATE STIME FMRI
disabled 19:42:27 svc:/application/database/postgresql:version_81
online 19:43:03 svc:/application/database/postgresql:version_82
3. Symptoms
There are no predictable symptoms that would indicate these issues have been exploited to gain elevated privileges on the server.
When these issues are exploited to cause a Denial of Service (DoS), system response may be slow and the postgres(1) process may crash, potentially leaving a core file.
4. Workaround
There is no workaround for these issues. Please see the Resolution section below.
5. ResolutionThese issues are addressed in the following releases:
SPARC Platform
- Solaris 10 PostgreSQL 8.1 with patch 123590-08 or later
- Solaris 10 PostgreSQL 8.2 with patch 136998-02 or later
x86 Platform
- Solaris 10 PostgreSQL 8.1 with patch 123591-08 or later
- Solaris 10 PostgreSQL 8.2 with patch 136999-02 or later
For more information on Security Sun Alerts, see Sun Infodoc 91209.
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Modification History05-FEB-2008: Updated Contributing Factors and Resolution sections, now RESOLVED
30-Jan-2008: Updated Contributing Factors and Resolution sections
AttachmentsThis solution has no attachment
|
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Sun Contracted Content
Sun Contracted Feature
