Bug 639371 - (CVE-2010-3433) CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword bypass
CVE-2010-3433 PostgreSQL (PL/Perl, PL/Tcl): SECURITY DEFINER function keyword...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20101005,reported=20100926,sou...
: Security
Depends On: 639928 639929 639930 639931 639932 639933 639934 640069 640090 640433 812235 812242
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-01 11:11 EDT by Jan Lieskovsky
Modified: 2018-03-01 07:52 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-07 12:52:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0742 normal SHIPPED_LIVE Moderate: postgresql and postgresql84 security update 2010-10-06 06:29:19 EDT
Red Hat Product Errata RHSA-2010:0908 normal SHIPPED_LIVE Moderate: postgresql security update 2010-11-23 11:00:10 EST

  None (edit)
Description Jan Lieskovsky 2010-10-01 11:11:42 EDT
A flaw was found in the way PostgreSQL handled SQL functions, created
with SECURITY DEFINER keyword and implemented in PL/Perl or PL/Tcl
languages. Once the PL/Perl or PL/Tcl procedural language was registered
on particular database, a remote, authenticated user, running a
specially-crafted PL/Perl or PL/Tcl script could use this flaw to bypass
intended PostgreSQL SECURITY DEFINER function definition refinement /
protection mechanism, allowing them to run particular PostgreSQL function
under their effective user ID, potentially leading to escalation of their
privileges.

References:
[1] http://www.postgresql.org/docs/8.1/interactive/plperl.html
[2] http://www.postgresql.org/docs/8.1/static/pltcl.html
[3] http://www.postgresql.org/docs/8.1/interactive/sql-createfunction.html
Comment 13 Jan Lieskovsky 2010-10-05 15:36:41 EDT
Created postgresql tracking bugs for this issue

Affects: fedora-all [bug 640433]
Comment 14 errata-xmlrpc 2010-10-06 06:29:34 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0742 https://rhn.redhat.com/errata/RHSA-2010-0742.html
Comment 15 Tomas Hoger 2010-10-06 12:39:55 EDT
Upstream wiki page with additional details and FAQ:
  http://wiki.postgresql.org/wiki/20101005securityrelease
Comment 16 errata-xmlrpc 2010-11-23 11:00:18 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0908 https://rhn.redhat.com/errata/RHSA-2010-0908.html

Note You need to log in before you can comment on or make changes to this bug.