NewStart CGSL CORE 5.04 / MAIN 5.04 : postgresql Multiple Vulnerabilities (NS-SA-2021-0109)

high Nessus Plugin ID 154465

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has postgresql packages installed that are affected by multiple vulnerabilities:

- A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)

- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in- the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
(CVE-2020-25694)

- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL postgresql packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2021-0109

http://security.gd-linux.com/info/CVE-2019-10208

http://security.gd-linux.com/info/CVE-2020-25694

http://security.gd-linux.com/info/CVE-2020-25695

Plugin Details

Severity: High

ID: 154465

File Name: newstart_cgsl_NS-SA-2021-0109_postgresql.nasl

Version: 1.3

Type: local

Published: 10/27/2021

Updated: 5/9/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-25694

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-25695

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_core:postgresql, p-cpe:/a:zte:cgsl_core:postgresql-contrib, p-cpe:/a:zte:cgsl_core:postgresql-debuginfo, p-cpe:/a:zte:cgsl_core:postgresql-devel, p-cpe:/a:zte:cgsl_core:postgresql-docs, p-cpe:/a:zte:cgsl_core:postgresql-libs, p-cpe:/a:zte:cgsl_core:postgresql-plperl, p-cpe:/a:zte:cgsl_core:postgresql-plpython, p-cpe:/a:zte:cgsl_core:postgresql-pltcl, p-cpe:/a:zte:cgsl_core:postgresql-server, p-cpe:/a:zte:cgsl_core:postgresql-static, p-cpe:/a:zte:cgsl_core:postgresql-test, p-cpe:/a:zte:cgsl_core:postgresql-upgrade, p-cpe:/a:zte:cgsl_main:postgresql, p-cpe:/a:zte:cgsl_main:postgresql-contrib, p-cpe:/a:zte:cgsl_main:postgresql-debuginfo, p-cpe:/a:zte:cgsl_main:postgresql-devel, p-cpe:/a:zte:cgsl_main:postgresql-docs, p-cpe:/a:zte:cgsl_main:postgresql-libs, p-cpe:/a:zte:cgsl_main:postgresql-plperl, p-cpe:/a:zte:cgsl_main:postgresql-plpython, p-cpe:/a:zte:cgsl_main:postgresql-pltcl, p-cpe:/a:zte:cgsl_main:postgresql-server, p-cpe:/a:zte:cgsl_main:postgresql-static, p-cpe:/a:zte:cgsl_main:postgresql-test, p-cpe:/a:zte:cgsl_main:postgresql-upgrade, cpe:/o:zte:cgsl_core:5, cpe:/o:zte:cgsl_main:5

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2021

Vulnerability Publication Date: 8/8/2019

Reference Information

CVE: CVE-2019-10208, CVE-2020-25694, CVE-2020-25695

IAVB: 2019-B-0072-S, 2020-B-0069-S