PT-2016-1364 · Postgresql+2 · Postgresql+2

Noah Misch · Published 2016-02-11 · Updated 2024-06-15 · CVE-2016-0766

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 9.1.20
PostgreSQL versions 9.2.x prior to 9.2.15
PostgreSQL versions 9.3.x prior to 9.3.11
PostgreSQL versions 9.4.x prior to 9.4.6
PostgreSQL versions 9.5.x prior to 9.5.1

Description

PostgreSQL does not properly restrict access to custom configuration settings (GUCs) for PL/Java, which allows attackers to gain privileges via unspecified vectors. A remote attacker can exploit this to elevate their privileges.

Recommendations

For versions prior to 9.1.20, update to version 9.1.20 or later.
For versions 9.2.x prior to 9.2.15, update to version 9.2.15 or later.
For versions 9.3.x prior to 9.3.11, update to version 9.3.11 or later.
For versions 9.4.x prior to 9.4.6, update to version 9.4.6 or later.
For versions 9.5.x prior to 9.5.1, update to version 9.5.1 or later.

Related identifiers

BDU:2016-00663
CVE-2016-0766
DSA-3475-1
DSA-3476-1
MGASA-2016-0085
OPENSUSE-SU-2016_0531-1
OPENSUSE-SU-2016_0578-1
OPENSUSE-SU-2024:10030-1
OPENSUSE-SU-2024:10256-1
OPENSUSE-SU-2024:10273-1
SUSE-SU-2016:0539-1
SUSE-SU-2016:0555-1
SUSE-SU-2016:0677-1
USN-2894-1

Affected products

Postgresql
Suse
Ubuntu