PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.

An update of the postgresql package has been released.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0980 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.12).

    Security Fix(es):

    * PostgreSQL: stack-based buffer overflow via setting a password (CVE-2019-10164)

    * PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9290 advisory.

    - Rebase to upstream release 10.15       Resolves: CVE-2020-25695       Resolves: CVE-2020-25694       Resolves: CVE-2020-25696

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3669 advisory.

  - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

  - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)

  - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

  - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

  - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

  - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0166 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    The following packages have been upgraded to a later upstream version: postgresql (10.15).

    Security Fix(es):

    * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

    * postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)

    * postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)

    * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

    * postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

    * postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

    * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

    * postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

    * postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5664 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    The following packages have been upgraded to a later upstream version: postgresql (10.15).

    Security Fix(es):

    * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

    * postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)

    * postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)

    * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

    * postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

    * postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

    * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

    * postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

    * postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3669 advisory.

    [10.14-1]
    - Rebase to upstream release 10.14       Fixes RHBZ#1727803       Fixes RHBZ#1741489       Fixes RHBZ#1709196

    [10.13-1]
    - Rebase to upstream release 10.13       Fixes RHBZ#1727803       Fixes RHBZ#1741489       Fixes RHBZ#1709196

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3669 advisory.

    PostgreSQL is an advanced object-relational database management system (DBMS).

    The following packages have been upgraded to a later upstream version: postgresql (10.14).

    Security Fix(es):

    * postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)

    * postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

    * postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

    * postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

    * postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

    * postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * Module stream postgresql:10 does not have correct module.md file (BZ#1857228)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202003-03 (PostgreSQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PostgreSQL. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, bypass certain client-side connection security       features, read arbitrary server memory, alter certain data or cause a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - PostgreSQL versions 10.x before 10.9 and versions 11.x     before 11.4 are vulnerable to a stack-based buffer     overflow. Any authenticated user can overflow a     stack-based buffer by changing the user's own password     to a purpose-crafted value. This often suffices to     execute arbitrary code as the PostgreSQL operating     system account.(CVE-2019-10164)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for postgresql10 fixes the following issues :

Security issue fixed :

CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).

CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689).

Bug fixes: For a complete list of fixes check the release notes.

    - https://www.postgresql.org/docs/10/release-10-9.html

    - https://www.postgresql.org/docs/10/release-10-8.html

    - https://www.postgresql.org/docs/10/release-10-7.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for postgresql10 to version 10.9 fixes the following issue :

Security issue fixed :

CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034).

More information at https://www.postgresql.org/docs/10/release-10-9.html

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New upstream release 10.9 Per release notes:
https://www.postgresql.org/docs/10/release-10-9.html

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New upstream release 11.4 Per release notes:
https://www.postgresql.org/docs/11/release-11-4.html

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for postgresql10 fixes the following issues :

Security issue fixed :

  - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in     SCRAM verifier parsing (bsc#1138034).

  - CVE-2019-10130: Prevent row-level security policies from     being bypassed via selectivity estimators (bsc#1134689).

Bug fixes :

  - For a complete list of fixes check the release notes.

    - https://www.postgresql.org/docs/10/release-10-9.html

    - https://www.postgresql.org/docs/10/release-10-8.html

    - https://www.postgresql.org/docs/10/release-10-7.html

This update was imported from the SUSE:SLE-15:Update update project.

The PostgreSQL project reports :

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.

Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account.

This issue is fixed by upgrading and restarting your PostgreSQL server as well as your libpq installations. All users running PostgreSQL 10, 11, and 12 beta are encouraged to upgrade as soon as possible.

The version of PostgreSQL installed on the remote host is 10.x prior to 10.9 or 11.x prior to 11.4. As such, it is potentially affected by a stack overflow vulnerability. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4027-1 advisory.

    Alexander Lakhin discovered that PostgreSQL incorrectly handled authentication. An authenticated attacker     or a rogue server could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or     possibly execute arbitrary code. The default compiler options for affected releases should reduce the     vulnerability to a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203024	Photon OS 3.0: Postgresql PHSA-2019-3.0-0023	Nessus	PhotonOS Local Security Checks	high
202855	Photon OS 2.0: Postgresql PHSA-2019-2.0-0167	Nessus	PhotonOS Local Security Checks	high
170334	RHEL 7 : rh-postgresql10-postgresql (RHSA-2020:0980)	Nessus	Red Hat Local Security Checks	high
150722	Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9290)	Nessus	Oracle Linux Local Security Checks	high
145882	CentOS 8 : postgresql:10 (CESA-2020:3669)	Nessus	CentOS Local Security Checks	high
145243	RHEL 8 : postgresql:10 (RHSA-2021:0166)	Nessus	Red Hat Local Security Checks	high
144559	RHEL 8 : postgresql:10 (RHSA-2020:5664)	Nessus	Red Hat Local Security Checks	high
140486	Oracle Linux 8 : postgresql:10 (ELSA-2020-3669)	Nessus	Oracle Linux Local Security Checks	high
140398	RHEL 8 : postgresql:10 (RHSA-2020:3669)	Nessus	Red Hat Local Security Checks	high
134470	GLSA-202003-03 : PostgreSQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
128193	EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2019-1824)	Nessus	Huawei Local Security Checks	high
127752	SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2012-1)	Nessus	SuSE Local Security Checks	high
127744	SUSE SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-2)	Nessus	SuSE Local Security Checks	high
127085	Fedora 29 : postgresql (2019-e43f49b428)	Nessus	Fedora Local Security Checks	high
127081	Fedora 30 : libpq / postgresql (2019-9f04a701c0)	Nessus	Fedora Local Security Checks	high
126955	Photon OS 1.0: Postgresql PHSA-2019-1.0-0243	Nessus	PhotonOS Local Security Checks	high
126905	openSUSE Security Update : postgresql10 (openSUSE-2019-1773)	Nessus	SuSE Local Security Checks	high
126618	SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:1810-1)	Nessus	SuSE Local Security Checks	high
126595	SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-1)	Nessus	SuSE Local Security Checks	high
126315	FreeBSD : PostgreSQL -- Stack-based buffer overflow via setting a password (245629d4-991e-11e9-82aa-6cc21735f730)	Nessus	FreeBSD Local Security Checks	high
126309	PostgreSQL 10.x < 10.9 / 11.x < 11.4 Stack Overflow Vulnerability (CVE-2019-10164)	Nessus	Databases	high
126098	Ubuntu 18.04 LTS : PostgreSQL vulnerability (USN-4027-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2019-10164

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high