Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.108614 |
Categoría: | Databases |
Título: | PostgreSQL 9.4.x < 9.4.22, 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Code Execution Vulnerability (Windows) |
Resumen: | PostgreSQL is prone to an arbitrary code execution vulnerability due to; BigSQL and EnterpriseDB Windows installer not clearing permissive ACL entries. |
Descripción: | Summary: PostgreSQL is prone to an arbitrary code execution vulnerability due to BigSQL and EnterpriseDB Windows installer not clearing permissive ACL entries. Vulnerability Insight: Due to both the EnterpriseDB and BigSQL Windows installers not locking down the permissions of the PostgreSQL binary installation directory and the data directory, an unprivileged Windows user account and an unprivileged PostgreSQL account could cause the PostgreSQL service account to execute arbitrary code. This vulnerability is present in all supported versions of PostgreSQL for these installers, and possibly exists in older versions. Both sets of installers have fixed the permissions for these directories for both new and existing installations. If you have installed PostgreSQL on Windows using other methods, we advise that you check that your PostgreSQL binary directories are writable only to trusted users and that your data directories are only accessible to trusted users. Affected Software/OS: PostgreSQL versions 9.4.x, 9.5.x, 9.6.x, 10.x and 11.x installed on Windows via BigSQL or EnterpriseDB installer. Solution: Update to version 9.4.22, 9.5.17, 9.6.13, 10.8, 11.3 or later. CVSS Score: 4.3 CVSS Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10127 Common Vulnerability Exposure (CVE) ID: CVE-2019-10128 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |