Bug 2022666 (CVE-2021-23214)

Summary: CVE-2021-23214 postgresql: server processes unencrypted bytes from man-in-the-middle
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aileenc, akoufoud, alazarot, almorale, anon.amish, anstephe, aos-bugs, asakala, avibelli, bdettelb, bgeorges, bibryam, caswilli, cbuissar, chazlett, clement.escoffier, dandread, databases-maint, devrim, dkreling, drieden, eric.wittmann, etirelli, fjansen, fjanus, ggastald, ggaughan, gmalinko, gmorling, gsmet, hamadhan, hbraun, hhorak, ibek, janstey, jmlich83, jnakfour, jnethert, jochrist, jorton, jpallich, jpechane, jrokos, jstastny, jwon, kaycoth, krathod, kverlaen, loleary, lthon, mike, mnovotny, mszynkie, mvanderw, panovotn, pantinor, pdelbell, peholase, pgallagh, pjindal, pkubat, praiskup, probinso, psegedy, rfreiman, rrajasek, rruss, rsvoboda, sbiarozk, sdouglas, spinder, tgl, theute, tzimanyi
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: postgresql 9.6.24, postgresql 10.19, postgresql 11.14, postgresql 12.9, postgresql 13.5, postgresql 14.1
Doc Text: It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting certificate-based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands.
Last Closed: 2021-12-21 10:50:30 UTC
Bug Depends On: 2022667, 2022668, 2022669, 2022670, 2022671, 2022672, 2022673, 2022674, 2023231, 2023232, 2023233, 2023234, 2023235, 2023236, 2023237, 2023301, 2028598, 2031509, 2031510
Bug Blocks: 2021380

Description Marian Rehak 2021-11-12 10:34:48 UTC
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Upstream Advisory:

https://www.postgresql.org/support/security/CVE-2021-23214/
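
As an added defensive check, not part of the bug report or of PostgreSQL itself: this Python helper flags the pg_hba.conf configurations named in the description (cert authentication, or trust authentication with a clientcert requirement) and compares a server version string against the Fixed In Version list above. The pg_hba.conf sample is constructed; the version thresholds are the ones the bug lists.

```python
import re

# Fixed-in versions copied from the bug's "Fixed In Version" field.
FIXED_IN = {"9.6": (9, 6, 24), "10": (10, 19), "11": (11, 14),
            "12": (12, 9), "13": (13, 5), "14": (14, 1)}
# Authentication methods recognised in a pg_hba.conf METHOD column.
AUTH_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
                "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

# Constructed sample pg_hba.conf, not taken from any real deployment.
SAMPLE_HBA = """\
# TYPE  DATABASE USER ADDRESS                METHOD [OPTIONS]
local   all      all                         peer
hostssl all      all  0.0.0.0/0              cert  clientcert=verify-full
hostssl all      all  10.0.0.0 255.0.0.0     trust clientcert=verify-ca
host    all      all  127.0.0.1/32           scram-sha-256
"""

def parse_version(text):
    """Extract a numeric version tuple from '13.4' or 'PostgreSQL 9.6.23 on ...'."""
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(g) for g in m.groups() if g is not None)

def server_is_patched(version_text):
    """True when the server is at or above the fix release for its major line."""
    v = parse_version(version_text)
    key = "9.6" if v[0] == 9 else str(v[0])
    if key not in FIXED_IN:
        return v[0] > 14  # later major releases ship with the fix; older lines never got it
    return v >= FIXED_IN[key]

def exposed_hba_lines(hba_text):
    """Return (lineno, entry) for entries using cert auth, or trust with clientcert=."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not tokens:
            continue
        start = 3 if tokens[0] == "local" else 4  # 'local' entries have no ADDRESS column
        idx = next((i for i in range(start, len(tokens)) if tokens[i] in AUTH_METHODS), None)
        if idx is None:
            continue
        method, options = tokens[idx], tokens[idx + 1:]
        if method == "cert" or (method == "trust" and any(o.startswith("clientcert=") for o in options)):
            findings.append((lineno, " ".join(tokens)))
    return findings
```

Entries that `exposed_hba_lines` reports are only a concern on servers for which `server_is_patched` returns False; both checks together give the exposure picture for one host.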

Comment 1 Marian Rehak 2021-11-12 10:35:53 UTC
Created mingw-postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022667]

Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022673]

Created postgresql:10/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022668]

Created postgresql:11/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022669]

Created postgresql:12/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022670]

Created postgresql:13/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022671]

Created postgresql:14/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022674]

Created postgresql:9.6/postgresql tracking bugs for this issue:
Affects: fedora-34 [bug 2022672]

Comment 6 errata-xmlrpc 2021-12-16 11:45:46 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2021:5179 https://access.redhat.com/errata/RHSA-2021:5179

Comment 7 errata-xmlrpc 2021-12-16 18:19:32 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2021:5197 https://access.redhat.com/errata/RHSA-2021:5197

Comment 8 errata-xmlrpc 2021-12-21 09:57:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5235 https://access.redhat.com/errata/RHSA-2021:5235

Comment 9 errata-xmlrpc 2021-12-21 09:58:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:5236 https://access.redhat.com/errata/RHSA-2021:5236

Comment 10 Product Security DevOps Team 2021-12-21 10:50:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-23214

Comment 11 errata-xmlrpc 2022-05-10 13:41:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1830 https://access.redhat.com/errata/RHSA-2022:1830