Journal Faille PostgreSQL

Posté par  (site web personnel) . Licence CC By‑SA.
Étiquettes :

Bon journal !

Pour les DBA PostgreSQL (et les autres gens) qui hibernent depuis une semaine :
Il faut mettre à jour vos moteurs de bases !!! Les mises à jours sont disponibles depuis hier après midi pour 9.2.x, 9.1.x et 9.0.x

Et ce n'est pas un poisson d'Avril …

commit 17fe2793ea7fe269ed616cb305150b6cf38dbaa8
Author: Tom Lane <>
Date:   Mon Apr 1 14:00:51 2013 -0400

Fix insecure parsing of server command-line switches.

An oversight in commit e710b65c1c56ca7b91f662c63d37ff2e72862a94 allowed
database names beginning with "-" to be treated as though they were secure
command-line switches; and this switch processing occurs before client
authentication, so that even an unprivileged remote attacker could exploit
the bug, needing only connectivity to the postmaster's port.  Assorted
exploits for this are possible, some requiring a valid database login,
some not.  The worst known problem is that the "-r" switch can be invoked
to redirect the process's stderr output, so that subsequent error messages
will be appended to any file the server can write.  This can for example be
used to corrupt the server's configuration files, so that it will fail when
next restarted.  Complete destruction of database tables is also possible.

Fix by keeping the database name extracted from a startup packet fully
separate from command-line switches, as had already been done with the
user name field.

The Postgres project thanks Mitsumasa Kondo for discovering this bug,
Kyotaro Horiguchi for drafting the fix, and Noah Misch for recognizing
the full extent of the danger.

Security: CVE-2013-1899

et des liens :

Suivre le flux des commentaires

Note : les commentaires appartiennent à celles et ceux qui les ont postés. Nous n’en sommes pas responsables.