[security-alerts] FW: [SA18890] PostgreSQL Privilege Escalation and Denial of Service

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> PostgreSQL Privilege Escalation and Denial of Service
> 
> SECUNIA ADVISORY ID:
> SA18890
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18890/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Privilege escalation, DoS
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> PostgreSQL 8.x
> http://secunia.com/product/4587/
> PostgreSQL 7.x
> http://secunia.com/product/506/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in PostgreSQL, which can be
> exploited by malicious users to cause a DoS (Denial of Service) or
> gain escalated privileges.
> 
> 1) A validation error exists within the handling of the SET ROLE
> command when restoring the previous role setting after an error. This
> can be exploited by an authenticated user to gain superuser
> privileges.
> 
> The vulnerability has been reported in the 8.1 branch.
> 
> 2) An error in the SET SESSION AUTHORIZATION command can be exploited
> to crash the server process, if it has been compiled with Asserts
> enabled.
> 
> The vulnerability has been reported in the 7.3, 7.4, 8.0 and 8.1
> branch.
> 
> SOLUTION:
> Update to the fixed versions.
> http://www.postgresql.org/download/
> 
> Version 7.3.x:
> Update to version 7.3.14.
> 
> Version 7.4.x:
> Update to version 7.4.12.
> 
> Version 8.0.x:
> Update to version 8.0.7.
> 
> Version 8.1.x:
> Update to version 8.1.3.
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Akio Ishida.
> 
> ORIGINAL ADVISORY:
> http://archives.postgresql.org/pgsql-announce/2006-02/msg00008.php
> http://www.postgresql.org/docs/8.1/static/release-7-3-14.html
> http://www.postgresql.org/docs/8.1/static/release-7-4-12.html
> http://www.postgresql.org/docs/8.1/static/release-8-0-7.html
> http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3
> 
>