Note: This is an archival copy of Security Sun Alert 200559 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000426.1.
Article ID : 1000426.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2008-02-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS)

Category
Security

Release Phase
Resolved

Bug Id
6643754, 6643743

Product
Solaris 10 Operating System

Date of Workaround Release
30-JAN-2008

Date of Resolved Release
05-FEB-2008

Multiple Security Vulnerabilities in PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or Denial of Service (DoS) (see details below)

1. Impact

Multiple security vulnerabilities affecting the PostgreSQL software shipped with Solaris 10 may allow a local or remote user who has access to the PostgreSQL server to cause a Denial of Service (DoS) to the PostgreSQL instance or the server it runs on (due to excessive resource consumption), or to gain elevated privileges on the server.

These issues are described in the following documents:

Official PostgreSQL annoucement: http://www.postgresql.org/about/news.905

CVE-2007-4769 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769

CVE-2007-4772 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772

CVE-2007-6067 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067

CVE-2007-6600 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600

CVE-2007-6601 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601

CVE-2007-3278 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278


2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 10 PostgreSQL 8.1 without patch 123590-08
  • Solaris 10 PostgreSQL 8.2 without patch 136998-02

x86 Platform

  • Solaris 10 PostgreSQL 8.1 without patch 123591-08
  • Solaris 10 PostgreSQL 8.2 without patch 136999-02

Notes:

  1. Solaris 8 and 9 do not ship with PostgreSQL and are not impacted by this issue.
  2. A user exploiting this vulnerability must have an account on the PostgreSQL server.
  3. This issue affects PostgreSQL versions 7.4.x prior to 7.4.19, 8.0.x prior to 8.0.15, 8.1.x prior to 8.1.11 and 8.2.x prior to 8.2.6.
  4. Only systems which have PostgreSQL installed and running are impacted by these issues.
  5. Both PostgreSQL 8.1 (SUNWpostgr) and 8.2 (packages beginning with SUNWpostgr-82) can be installed at the same time and are separately impacted by these vulnerabilities.

To determine if a version of PostgreSQL is installed, a command such as the following can be used:

    $ pkginfo | grep SUNWpostgr
    system      SUNWpostgr             PostgreSQL 8.1.9 client programs and libraries
    system      SUNWpostgr-82-client   PostgreSQL 8.2 client tools

To determine if PostgreSQL is running on a server, a command such as the following can be run as the user 'postgres' (or the 'root' user):

for PostgreSQL 8.1:

    $ pg_ctl status -D /var/lib/pgsql/data/
    pg_ctl: neither postmaster nor postgres running

for PostgreSQL 8.2:

    $ /usr/postgres/8.2/bin/pg_ctl status -D /var/postgres/8.2/data/
    pg_ctl: server is running (PID: 395)
    /usr/postgres/8.2/bin/postgres -D /var/postgres/8.2/data

or (where applicable):

    $ svcs  postgresql
    STATE          STIME    FMRI
    disabled       19:42:27 svc:/application/database/postgresql:version_81
    online         19:43:03 svc:/application/database/postgresql:version_82
3. Symptoms

There are no predictable symptoms that would indicate these issues have been exploited to gain elevated privileges on the server.

When these issues are exploited to cause a Denial of Service (DoS), system response may be slow and the postgres(1) process may crash, potentially leaving a core file.

4. Workaround

There is no workaround for these issues. Please see the Resolution section below.

5. Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 10 PostgreSQL 8.1 with patch 123590-08 or later
  • Solaris 10 PostgreSQL 8.2 with patch 136998-02 or later

x86 Platform

  • Solaris 10 PostgreSQL 8.1 with patch 123591-08 or later
  • Solaris 10 PostgreSQL 8.2 with patch 136999-02 or later

For more information on Security Sun Alerts, see Sun 1009886.1.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History
05-FEB-2008: Updated Contributing Factors and Resolution sections, now RESOLVED
30-Jan-2008: Updated Contributing Factors and Resolution sections


References
 136998-02

 136999-02

 123590-08

 123591-08



                                       


Attachments
This solution has no attachment