FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL -- SQL injection in pg_upgrade and pg_dump

Affected packages
postgresql10-server < 10.6
postgresql96-server < 9.6.11
postgresql95-server < 9.5.15
postgresql94-server < 9.4.20
postgresql93-server < 9.3.25

Details

VuXML ID 1c27a706-e3aa-11e8-b77a-6cc21735f730
Discovery 2018-11-08
Entry 2018-11-08

The PostgreSQL project reports:

CVE-2018-16850: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING.

Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pg_upgrade on the database or during a pg_dump dump/restore cycle. This attack requires a CREATE privilege on some non-temporary schema or a TRIGGER privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have CREATE privilege on public schema.

[source]

References

CVE Name CVE-2018-16850
URL https://www.postgresql.org/about/news/1905/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.