Bug 1734461 (CVE-2019-10211) - CVE-2019-10211 postgresql: Windows installer bundled OpenSSL executes code from unprotected directory
Summary: CVE-2019-10211 postgresql: Windows installer bundled OpenSSL executes code fr...
Alias: CVE-2019-10211
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1739210 1739213 1739216
Blocks: 1734467
TreeView+ depends on / blocked
Reported: 2019-07-30 15:17 UTC by msiddiqu
Modified: 2020-06-23 18:21 UTC (History)
44 users (show)

Fixed In Version: postgresql 11.5, postgresql 10.10, postgresql 9.6.15, postgresql 9.5.19, postgresql 9.4.24
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-08-20 08:20:37 UTC

Attachments (Terms of Use)

Description msiddiqu 2019-07-30 15:17:18 UTC
When the database server or libpq client library initializes SSL, libeay32.dll
attempts to read configuration from a hard-coded directory.  Typically, the
directory does not exist, but any local user could create it and inject
configuration.  This configuration can direct OpenSSL to load and execute
arbitrary code as the user running a PostgreSQL server or client.  Most
PostgreSQL client tools and libraries use libpq, and one can encounter this
vulnerability by using any of them.  This vulnerability is much like
CVE-2019-5443, but it originated independently.  One can work around the
vulnerability by setting environment variable OPENSSL_CONF to
"NUL:/openssl.cnf" or any other name that cannot exist as a file.

Comment 4 msiddiqu 2019-08-07 11:45:24 UTC

Name: the PostgreSQL project
Upstream: Daniel Gustafsson (Curl security team)

Comment 7 msiddiqu 2019-08-08 18:40:08 UTC
Created mingw-postgresql tracking bugs for this issue:

Affects: epel-7 [bug 1739216]
Affects: fedora-all [bug 1739210]

Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1739213]

Comment 8 msiddiqu 2019-08-09 09:44:39 UTC
External References:


Note You need to log in before you can comment on or make changes to this bug.