Note: This is an archival copy of Security Sun Alert 274870 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021746.1. |
Category Security Release Phase Resolved 6909139, 6909140, 6909142 Product Solaris 10 Operating System OpenSolaris Date of Workaround Release 24-Dec-2009 Date of Resolved Release 19-Jan-2010 Security Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections 1. Impact Multiple security vulnerabilities have been identified in the PostgreSQL software shipped with Solaris. These vulnerabilities may allow a remote authenticated user with certain privileges to gain extra privileges via a table with a crafted index function. Further vulnerabilities may allow man-in-the-middle attacks on SSL based PostgreSQL servers by substituting malicious SSL certificates for trusted ones. These issues are described in the following documents: Official PostgreSQL annoucement at http://www.postgresql.org/about/news.1170
CVE-2009-4034 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034
CVE-2009-4136 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136 2. Contributing Factors These issues can occur in the following releases: SPARC Platform
1. Solaris 8 and 9 do not ship with PostgreSQL and are not impacted by these issues. 2. A user must have an account on the PostgreSQL server to exploit the issue described in CVE-2009-4136. 3. The CVE-2009-4034 and CVE-2009-4136 issues affect PostgreSQL 7.4.x prior to 7.4.27, 8.0.x prior to 8.0.23, 8.1.x prior to 8.1.19, 8.2.x prior to 8.2.15 and 8.3.x prior to 8.3.9 and versions 8.4.x prior to 8.4.2. 4. PostgreSQL 8.1 (SUNWpostgr), 8.2 (packages beginning with SUNWpostgr-82) and 8.3 (packages beginning with SUNWpostgr-83) can be installed at the same time and are separately impacted by these vulnerabilities. To determine if a version of PostgreSQL is installed, a command such as the following can be used: $ pkginfo | grep SUNWpostgrTo determine if PostgreSQL is running on a server, a command such as the following can be run as the user 'postgres' (or the 'root' user): for PostgreSQL 8.1: $ pg_ctl status -D /var/lib/pgsql/data/for PostgreSQL 8.2: $ /usr/postgres/8.2/bin/pg_ctl status -D /var/postgres/8.2/data/for PostgreSQL 8.3: $ /usr/postgres/8.3/bin/pg_ctl status -D /var/postgres/8.3/data/or (where applicable): $ svcs -a | grep postgresql 3. Symptoms There are no predictable symptoms that would indicate the described issues have been exploited. 4. Workaround To prevent the issue described in CVE-2009-4136 from being freshly exploited, the database administrator can revoke the "create" privilege from users by running the following commands: REVOKE CREATE ON SCHEMA <schema>
FROM <user>;
or REVOKE CREATE ON TABLESPACE
<tablespace> FROM <user>;
5. Resolution These issues are addressed in the following releases: SPARC Platform
For more information on Security Sun Alerts, see 1009886.1. This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Modification History 15-Jan-2010: Updated Contributing Factors and Resolution sections 19-Jan-2010: Updated Contributing Factors and Resolution sections; now Resolved References138827-06138826-06 123590-12 123591-12 136998-08 136999-08 137000-06 137001-06 137004-07 137005-07 138822-06 138823-06 138824-06 138825-06 Attachments This solution has no attachment |
|