Thread: BUG #15731: CVE-2019-9193
The following bug has been logged on the website: Bug reference: 15731 Logged by: Abhijit Rajwade Email address: abhijit_rajwade@bmc.com PostgreSQL version: 11.2 Operating system: Linux Description: Sonatype Nexus Audior is reporting the following Threat level 9 vulnerability on Postgres Vulnerability Issue CVE-2019-9193 Severity Sonatype CVSS 3.0: 9.8 Weakness Sonatype CWE: 94 Source National Vulnerability Database Categories Data Description Description from CVE In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. Root Cause postgresql-42.2.5.jar : [9.3, ) Advisories Third Party: https://github.com/iiiusky/vulhub/commit/88c8816c6f8825030ade34c63c745757ca818fc0#diff-ceb08c22f5e392636bdb77b8562ce0fd Third Party: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5 CVSS Details Sonatype CVSS 3.0: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Can you please have the above Security vulnerability fixed? --- Abhijit Rajwade
The following bug has been logged on the website:
Bug reference: 15731
Logged by: Abhijit Rajwade
Email address: abhijit_rajwade@bmc.com
PostgreSQL version: 11.2
Operating system: Linux
Description:
Sonatype Nexus Audior is reporting the following Threat level 9
vulnerability on Postgres
Vulnerability
Issue CVE-2019-9193
Severity Sonatype CVSS 3.0: 9.8
Weakness Sonatype CWE: 94
Source National Vulnerability Database
Categories Data
Description
Description from CVE
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows
superusers and users in the 'pg_read_server_files' group to execute
arbitrary code in the context of the database's operating system user. This
functionality is enabled by default and can be abused to run arbitrary
operating system commands on Windows, Linux, and macOS.
Root Cause
postgresql-42.2.5.jar : [9.3, )
Advisories
Third Party:
https://github.com/iiiusky/vulhub/commit/88c8816c6f8825030ade34c63c745757ca818fc0#diff-ceb08c22f5e392636bdb77b8562ce0fd
Third Party:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
CVSS Details
Sonatype CVSS 3.0: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Can you please have the above Security vulnerability fixed?
--- Abhijit Rajwade
Magnus,
If this is mis-configured, can you please advise what configuration is needed to prevent this vulnerability?
Thx & Regards
--- Abhijit Rajwade
From: Magnus Hagander [mailto:magnus@hagander.net]
Sent: Wednesday, April 03, 2019 1:13 PM
To: Rajwade, Abhijit; pgsql-bugs@lists.postgresql.org
Subject: [EXTERNAL] Re: BUG #15731: CVE-2019-9193
This is not a security vulnerability in the product. It is behaving exactly as intended. It may be misconfigured in some deployments, but it's not a product vulnerability.
/Magnus
On Wed, Apr 3, 2019, 09:39 PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:
Bug reference: 15731
Logged by: Abhijit Rajwade
Email address: abhijit_rajwade@bmc.com
PostgreSQL version: 11.2
Operating system: Linux
Description:
Sonatype Nexus Audior is reporting the following Threat level 9
vulnerability on Postgres
Vulnerability
Issue CVE-2019-9193
Severity Sonatype CVSS 3.0: 9.8
Weakness Sonatype CWE: 94
Source National Vulnerability Database
Categories Data
Description
Description from CVE
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows
superusers and users in the 'pg_read_server_files' group to execute
arbitrary code in the context of the database's operating system user. This
functionality is enabled by default and can be abused to run arbitrary
operating system commands on Windows, Linux, and macOS.
Root Cause
postgresql-42.2.5.jar : [9.3, )
Advisories
Third Party:
https://github.com/iiiusky/vulhub/commit/88c8816c6f8825030ade34c63c745757ca818fc0#diff-ceb08c22f5e392636bdb77b8562ce0fd
Third Party:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
CVSS Details
Sonatype CVSS 3.0: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Can you please have the above Security vulnerability fixed?
--- Abhijit Rajwade
Magnus,
If this is mis-configured, can you please advise what configuration is needed to prevent this vulnerability?
Thx & Regards
--- Abhijit Rajwade
From: Magnus Hagander [mailto:magnus@hagander.net]
Sent: Wednesday, April 03, 2019 1:13 PM
To: Rajwade, Abhijit; pgsql-bugs@lists.postgresql.org
Subject: [EXTERNAL] Re: BUG #15731: CVE-2019-9193
This is not a security vulnerability in the product. It is behaving exactly as intended. It may be misconfigured in some deployments, but it's not a product vulnerability.
/Magnus
On Wed, Apr 3, 2019, 09:39 PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:
Bug reference: 15731
Logged by: Abhijit Rajwade
Email address: abhijit_rajwade@bmc.com
PostgreSQL version: 11.2
Operating system: Linux
Description:
Sonatype Nexus Audior is reporting the following Threat level 9
vulnerability on Postgres
Vulnerability
Issue CVE-2019-9193
Severity Sonatype CVSS 3.0: 9.8
Weakness Sonatype CWE: 94
Source National Vulnerability Database
Categories Data
Description
Description from CVE
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows
superusers and users in the 'pg_read_server_files' group to execute
arbitrary code in the context of the database's operating system user. This
functionality is enabled by default and can be abused to run arbitrary
operating system commands on Windows, Linux, and macOS.
Root Cause
postgresql-42.2.5.jar : [9.3, )
Advisories
Third Party:
https://github.com/iiiusky/vulhub/commit/88c8816c6f8825030ade34c63c745757ca818fc0#diff-ceb08c22f5e392636bdb77b8562ce0fd
Third Party:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
CVSS Details
Sonatype CVSS 3.0: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Can you please have the above Security vulnerability fixed?
--- Abhijit Rajwade