Note: This is an archival copy of Security Sun Alert 200559 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000426.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS) (see details below)
Multiple security vulnerabilities affecting the PostgreSQL software shipped with Solaris 10 may allow a local or remote user who has access to the PostgreSQL server to cause a Denial of Service (DoS) to the PostgreSQL instance or the server it runs on (due to excessive resource consumption), or to gain elevated privileges on the server.
These issues are described in the following documents:
Official PostgreSQL annoucement: http://www.postgresql.org/about/news.905
CVE-2007-4769 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
CVE-2007-4772 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
CVE-2007-6067 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
CVE-2007-6600 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
CVE-2007-6601 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
CVE-2007-3278 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
2. Contributing Factors
These issues can occur in the following releases:
To determine if a version of PostgreSQL is installed, a command such as the following can be used:
$ pkginfo | grep SUNWpostgr system SUNWpostgr PostgreSQL 8.1.9 client programs and libraries system SUNWpostgr-82-client PostgreSQL 8.2 client tools
To determine if PostgreSQL is running on a server, a command such as the following can be run as the user 'postgres' (or the 'root' user):
for PostgreSQL 8.1:
$ pg_ctl status -D /var/lib/pgsql/data/ pg_ctl: neither postmaster nor postgres running
for PostgreSQL 8.2:
$ /usr/postgres/8.2/bin/pg_ctl status -D /var/postgres/8.2/data/ pg_ctl: server is running (PID: 395) /usr/postgres/8.2/bin/postgres -D /var/postgres/8.2/data
or (where applicable):
$ svcs postgresql STATE STIME FMRI disabled 19:42:27 svc:/application/database/postgresql:version_81 online 19:43:03 svc:/application/database/postgresql:version_823. Symptoms
There are no predictable symptoms that would indicate these issues have been exploited to gain elevated privileges on the server.
When these issues are exploited to cause a Denial of Service (DoS), system response may be slow and the postgres(1) process may crash, potentially leaving a core file.4. Workaround
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
For more information on Security Sun Alerts, see Sun 1009886.1.
05-FEB-2008: Updated Contributing Factors and Resolution sections, now RESOLVED
30-Jan-2008: Updated Contributing Factors and Resolution sections
This solution has no attachment