Mandriva Linux Security Advisory - PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
25a0c70c9813bfaedfc228bc8e7892c1430ac76c2a3b7232fe0568c80eac73f2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:188
https://www.mandriva.com/security/
_______________________________________________________________________
Package : postgresql
Date : September 25, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
PostgreSQL 8.1 and probably later and earlier versions, when local
trust authentication is enabled and the Database Link library (dblink)
is installed, allows remote attackers to access arbitrary accounts
and execute arbitrary SQL queries via a dblink host parameter that
proxies the connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the
PL/pgSQL (plpgsql) language has been created, grants certain plpgsql
privileges to the PUBLIC domain, which allows remote attackers
to create and execute functions, as demonstrated by functions that
perform local brute-force password guessing attacks, which may evade
intrusion detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements
functions via CREATE statements that map to arbitrary libraries based
on the C programming language, which allows remote authenticated
superusers to map and execute a function from any library, as
demonstrated by using the system function in libc.so.6 to gain shell
access. (CVE-2007-3280)
Updated packages fix these issues, by requiring non-superusers who
use /contrib/dblink to use only password authentication.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3279
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3280
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
8e0e2cff4bbda7444671086bd7e0430b 2007.0/i586/libecpg5-8.1.10-0.1mdv2007.0.i586.rpm
3be5df4380e5680c3a2adc9ba74543fb 2007.0/i586/libecpg5-devel-8.1.10-0.1mdv2007.0.i586.rpm
59594d2f05d4f23a467b2bd684bc0fa3 2007.0/i586/libpq4-8.1.10-0.1mdv2007.0.i586.rpm
aba27ad1b97f86debfd63b1ae76558a9 2007.0/i586/libpq4-devel-8.1.10-0.1mdv2007.0.i586.rpm
dc4bc45a46d1b69cf13991d70d7d0c71 2007.0/i586/postgresql-8.1.10-0.1mdv2007.0.i586.rpm
7a487ba0458f09c21b941f1a76f74357 2007.0/i586/postgresql-contrib-8.1.10-0.1mdv2007.0.i586.rpm
08a4a0ba67e4c83c43931e61983348ca 2007.0/i586/postgresql-devel-8.1.10-0.1mdv2007.0.i586.rpm
1c02f6136ace73a51ea365c77f28ea6a 2007.0/i586/postgresql-docs-8.1.10-0.1mdv2007.0.i586.rpm
a13c547f110fa39ed62a843526f70e8e 2007.0/i586/postgresql-pl-8.1.10-0.1mdv2007.0.i586.rpm
305884f17ccaee34ee2ac3d2dc1c8170 2007.0/i586/postgresql-plperl-8.1.10-0.1mdv2007.0.i586.rpm
cc34a8f0e4bef8d6a0adddc54c3d8f2c 2007.0/i586/postgresql-plpgsql-8.1.10-0.1mdv2007.0.i586.rpm
43d8bf8f3613e038441551cb1662eb8d 2007.0/i586/postgresql-plpython-8.1.10-0.1mdv2007.0.i586.rpm
770b9fc3031c9b97aa0ca8d2ac669e6c 2007.0/i586/postgresql-pltcl-8.1.10-0.1mdv2007.0.i586.rpm
f5a0af71805f7c430696cbbb03ad922f 2007.0/i586/postgresql-server-8.1.10-0.1mdv2007.0.i586.rpm
1e043a882b3d9d445414dabebb96fcf4 2007.0/i586/postgresql-test-8.1.10-0.1mdv2007.0.i586.rpm
be22e5ac6dd504511798d4caa3c3f1df 2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
3dab8c951c0944e1bc3a00d4ca64d32e 2007.0/x86_64/lib64ecpg5-8.1.10-0.1mdv2007.0.x86_64.rpm
1d6c86c2593873bf9c4adc4745d3abc2 2007.0/x86_64/lib64ecpg5-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
3141c891ff439c458803cd258fc4479b 2007.0/x86_64/lib64pq4-8.1.10-0.1mdv2007.0.x86_64.rpm
9a30293d6761c4b2b1f2a2e8b284f0ff 2007.0/x86_64/lib64pq4-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
25006369de4abf770fc7a516a762a897 2007.0/x86_64/postgresql-8.1.10-0.1mdv2007.0.x86_64.rpm
5ce4bad8022fc65eb7d1db9d53f32551 2007.0/x86_64/postgresql-contrib-8.1.10-0.1mdv2007.0.x86_64.rpm
03a29dc13f4f556d8df0dcaa07c4766d 2007.0/x86_64/postgresql-devel-8.1.10-0.1mdv2007.0.x86_64.rpm
89ba6a9c0c747108df0209167150c02f 2007.0/x86_64/postgresql-docs-8.1.10-0.1mdv2007.0.x86_64.rpm
a723d7449913d52fca2030d0e63ca182 2007.0/x86_64/postgresql-pl-8.1.10-0.1mdv2007.0.x86_64.rpm
827c1b0092c8b86b6631d16eb30b904e 2007.0/x86_64/postgresql-plperl-8.1.10-0.1mdv2007.0.x86_64.rpm
b2c9eda89df39db40ec55d7a383b15b5 2007.0/x86_64/postgresql-plpgsql-8.1.10-0.1mdv2007.0.x86_64.rpm
25ea855473edb7ef6c9dc372957c2277 2007.0/x86_64/postgresql-plpython-8.1.10-0.1mdv2007.0.x86_64.rpm
23ae5b09b00e0b8518f1ada8163d57a0 2007.0/x86_64/postgresql-pltcl-8.1.10-0.1mdv2007.0.x86_64.rpm
464d1f64bdb2b0f16c6be7b56c71b346 2007.0/x86_64/postgresql-server-8.1.10-0.1mdv2007.0.x86_64.rpm
900cfbe6d3adac1711779b21b3dd4100 2007.0/x86_64/postgresql-test-8.1.10-0.1mdv2007.0.x86_64.rpm
be22e5ac6dd504511798d4caa3c3f1df 2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
28b4b8a53e1dc0117441630c75e8c4ae 2007.1/i586/libecpg5-8.2.5-0.1mdv2007.1.i586.rpm
697b841fa6fcf2fe92e5509ed9b262a3 2007.1/i586/libecpg5-devel-8.2.5-0.1mdv2007.1.i586.rpm
5c6d7bd957121c443fe31562f9fe6261 2007.1/i586/libpq5-8.2.5-0.1mdv2007.1.i586.rpm
be14414b10e8ca06c576090cc802de26 2007.1/i586/libpq5-devel-8.2.5-0.1mdv2007.1.i586.rpm
00baebc695b0d791aacbb0fe1c08e0ad 2007.1/i586/postgresql-8.2.5-0.1mdv2007.1.i586.rpm
97c538ee913a520f429b4581013edc3e 2007.1/i586/postgresql-contrib-8.2.5-0.1mdv2007.1.i586.rpm
b9daafeed274fd9ddb1bd4fdadf03f3f 2007.1/i586/postgresql-devel-8.2.5-0.1mdv2007.1.i586.rpm
75da06b542bbea1f4278a4ba8c5f46bb 2007.1/i586/postgresql-docs-8.2.5-0.1mdv2007.1.i586.rpm
89dfcbe1690c2f4e5917b81c17205d10 2007.1/i586/postgresql-pl-8.2.5-0.1mdv2007.1.i586.rpm
72ef35d3c36a7f7850dab8f095980e44 2007.1/i586/postgresql-plperl-8.2.5-0.1mdv2007.1.i586.rpm
6b3e178ac649527dfcb3adfbbbfbe44e 2007.1/i586/postgresql-plpgsql-8.2.5-0.1mdv2007.1.i586.rpm
c6066550b12d0cd826d16ad57151d323 2007.1/i586/postgresql-plpython-8.2.5-0.1mdv2007.1.i586.rpm
cb6f37ca6ff51f09dba6f1668af9d594 2007.1/i586/postgresql-pltcl-8.2.5-0.1mdv2007.1.i586.rpm
63e6b9fe073410b34165ddf147ed6011 2007.1/i586/postgresql-server-8.2.5-0.1mdv2007.1.i586.rpm
982a89aee68c2fe2a4528f7a53443a23 2007.1/i586/postgresql-test-8.2.5-0.1mdv2007.1.i586.rpm
b8b3ac22c8f39026cfcade15cc2aea94 2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
1d5111ef660b6fb5247839ba75fc37a3 2007.1/x86_64/lib64ecpg5-8.2.5-0.1mdv2007.1.x86_64.rpm
d365d0cf979e1c2632e144ba2ff051a5 2007.1/x86_64/lib64ecpg5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
bcb2d08186934a70a8088ad7b26348ff 2007.1/x86_64/lib64pq5-8.2.5-0.1mdv2007.1.x86_64.rpm
687c54dd685832e3458f4474ba329659 2007.1/x86_64/lib64pq5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
d7ea11ad9524fdab20225117b20f2717 2007.1/x86_64/postgresql-8.2.5-0.1mdv2007.1.x86_64.rpm
1a2e68d503b6903bd2f4934ea768f055 2007.1/x86_64/postgresql-contrib-8.2.5-0.1mdv2007.1.x86_64.rpm
d877344b20f92228f8021985fa69ab21 2007.1/x86_64/postgresql-devel-8.2.5-0.1mdv2007.1.x86_64.rpm
757f20c5feecec4087bf006b8cdba0b3 2007.1/x86_64/postgresql-docs-8.2.5-0.1mdv2007.1.x86_64.rpm
59b65c9035d55e44c28ee37d6b449646 2007.1/x86_64/postgresql-pl-8.2.5-0.1mdv2007.1.x86_64.rpm
30b2a348faafbf1a1772427207cbd162 2007.1/x86_64/postgresql-plperl-8.2.5-0.1mdv2007.1.x86_64.rpm
18a270c6a3cf0c8e6135c7d1c19a2328 2007.1/x86_64/postgresql-plpgsql-8.2.5-0.1mdv2007.1.x86_64.rpm
a75d1de15ff8bb8b888d8d843a3f3f55 2007.1/x86_64/postgresql-plpython-8.2.5-0.1mdv2007.1.x86_64.rpm
9b6aaeda052fbc274de087987e8681c8 2007.1/x86_64/postgresql-pltcl-8.2.5-0.1mdv2007.1.x86_64.rpm
8ad62e7c5319a0e2c5b5079512dca7b9 2007.1/x86_64/postgresql-server-8.2.5-0.1mdv2007.1.x86_64.rpm
b5409350a8877578ab54ae4a0e7f61cd 2007.1/x86_64/postgresql-test-8.2.5-0.1mdv2007.1.x86_64.rpm
b8b3ac22c8f39026cfcade15cc2aea94 2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm
Corporate 3.0:
588715bb0163718873938ff86f1d4202 corporate/3.0/i586/libecpg3-7.4.18-0.1.C30mdk.i586.rpm
928ab48c3f7617f757644bcacc034710 corporate/3.0/i586/libecpg3-devel-7.4.18-0.1.C30mdk.i586.rpm
72f7fd9f4d05c667070052446017f6bc corporate/3.0/i586/libpgtcl2-7.4.18-0.1.C30mdk.i586.rpm
290f3c248453b5b6fd1117be7e1ab747 corporate/3.0/i586/libpgtcl2-devel-7.4.18-0.1.C30mdk.i586.rpm
aaa399732adf2e6fa080135de4fc1862 corporate/3.0/i586/libpq3-7.4.18-0.1.C30mdk.i586.rpm
fe8fbed859473f11ba528a55f58e9d46 corporate/3.0/i586/libpq3-devel-7.4.18-0.1.C30mdk.i586.rpm
5061808637e3c371f9736055af4aa037 corporate/3.0/i586/postgresql-7.4.18-0.1.C30mdk.i586.rpm
fcd466fade3f59c11c5b557280f10797 corporate/3.0/i586/postgresql-contrib-7.4.18-0.1.C30mdk.i586.rpm
ed805cb294ec49aa896fb0c74cd4c963 corporate/3.0/i586/postgresql-devel-7.4.18-0.1.C30mdk.i586.rpm
960a6ec9df468b8a4246439d81e1f83f corporate/3.0/i586/postgresql-docs-7.4.18-0.1.C30mdk.i586.rpm
abf0aadc29a47561556e0b3989cef2ce corporate/3.0/i586/postgresql-jdbc-7.4.18-0.1.C30mdk.i586.rpm
cb8a2fd57dd82f5ccb38cf01e75297d9 corporate/3.0/i586/postgresql-pl-7.4.18-0.1.C30mdk.i586.rpm
aa32657f105fe2a691ff96bcc4ba741e corporate/3.0/i586/postgresql-server-7.4.18-0.1.C30mdk.i586.rpm
2fdb9a752cf31d82ebb00df0588130c6 corporate/3.0/i586/postgresql-tcl-7.4.18-0.1.C30mdk.i586.rpm
fe46f24547fa10573306933033926061 corporate/3.0/i586/postgresql-test-7.4.18-0.1.C30mdk.i586.rpm
180401c4053b1517946e5f30d58b9d4b corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
81c7148e224774ff1d0af00d70cbf3dd corporate/3.0/x86_64/lib64ecpg3-7.4.18-0.1.C30mdk.x86_64.rpm
bb141143be18ef10210753b1d938056d corporate/3.0/x86_64/lib64ecpg3-devel-7.4.18-0.1.C30mdk.x86_64.rpm
c7699ded100b384d7700c9036a89bae8 corporate/3.0/x86_64/lib64pgtcl2-7.4.18-0.1.C30mdk.x86_64.rpm
2295fb70c32eda4c04d06526a09abfd4 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.18-0.1.C30mdk.x86_64.rpm
db97ceb3194087a390ddb03c69b30c8a corporate/3.0/x86_64/lib64pq3-7.4.18-0.1.C30mdk.x86_64.rpm
41b623e7e1a24deb6d31a03082577556 corporate/3.0/x86_64/lib64pq3-devel-7.4.18-0.1.C30mdk.x86_64.rpm
39f0e5df87ebb9539ec42cee909a8645 corporate/3.0/x86_64/postgresql-7.4.18-0.1.C30mdk.x86_64.rpm
48469cd980bbc2d29ec6eb3a45bc77bb corporate/3.0/x86_64/postgresql-contrib-7.4.18-0.1.C30mdk.x86_64.rpm
4b2bd788cba6e39b223e0452ccefb102 corporate/3.0/x86_64/postgresql-devel-7.4.18-0.1.C30mdk.x86_64.rpm
a64df12801fc2a4bda8d7c8e5834a436 corporate/3.0/x86_64/postgresql-docs-7.4.18-0.1.C30mdk.x86_64.rpm
5922318852bd8de043ba30cd55e7fe29 corporate/3.0/x86_64/postgresql-jdbc-7.4.18-0.1.C30mdk.x86_64.rpm
832eebcd9ab3c06b9473f2d3289dc05c corporate/3.0/x86_64/postgresql-pl-7.4.18-0.1.C30mdk.x86_64.rpm
02510d7e598d40f25dd6c610d1546027 corporate/3.0/x86_64/postgresql-server-7.4.18-0.1.C30mdk.x86_64.rpm
c9ce6d529054cd8b21a92b03dbc0896b corporate/3.0/x86_64/postgresql-tcl-7.4.18-0.1.C30mdk.x86_64.rpm
04a0e3f49d4f91935132a20bccdffeb3 corporate/3.0/x86_64/postgresql-test-7.4.18-0.1.C30mdk.x86_64.rpm
180401c4053b1517946e5f30d58b9d4b corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm
Corporate 4.0:
0f2321b2bc99ed8aee6aecdb49ab33df corporate/4.0/i586/libecpg5-8.1.10-0.1.20060mlcs4.i586.rpm
e23d1d0fa713e09f66feaf0e1ad751c0 corporate/4.0/i586/libecpg5-devel-8.1.10-0.1.20060mlcs4.i586.rpm
b8765e2b0650d2e71aec83652d2a4e7c corporate/4.0/i586/libpq4-8.1.10-0.1.20060mlcs4.i586.rpm
8cd02f43142df2ffe865d694332ec01f corporate/4.0/i586/libpq4-devel-8.1.10-0.1.20060mlcs4.i586.rpm
5c02374f4b80d8abfb5f03d4bc108c08 corporate/4.0/i586/postgresql-8.1.10-0.1.20060mlcs4.i586.rpm
6c51a1332a49afb9a5645255f059aca6 corporate/4.0/i586/postgresql-contrib-8.1.10-0.1.20060mlcs4.i586.rpm
72e90c47c7fda06bc9dedce429848acc corporate/4.0/i586/postgresql-devel-8.1.10-0.1.20060mlcs4.i586.rpm
1b31a1a48b6b1fba2244517a2a789992 corporate/4.0/i586/postgresql-docs-8.1.10-0.1.20060mlcs4.i586.rpm
08425c9962e55546592c03a28fa3177b corporate/4.0/i586/postgresql-pl-8.1.10-0.1.20060mlcs4.i586.rpm
b2888a0453e8a6d9914fb09bb2ae4c30 corporate/4.0/i586/postgresql-plperl-8.1.10-0.1.20060mlcs4.i586.rpm
7f1fa8b30628ed65bdc7e01fa287dcfd corporate/4.0/i586/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.i586.rpm
f077a91da95c35725f167dd0f9033376 corporate/4.0/i586/postgresql-plpython-8.1.10-0.1.20060mlcs4.i586.rpm
d4f4a70065a40b0e036d9adc63dfdb30 corporate/4.0/i586/postgresql-pltcl-8.1.10-0.1.20060mlcs4.i586.rpm
54cf91740d33e33e6d1a0a05212884d1 corporate/4.0/i586/postgresql-server-8.1.10-0.1.20060mlcs4.i586.rpm
1ec216cc5f3dcc15796e0b70523840c5 corporate/4.0/i586/postgresql-test-8.1.10-0.1.20060mlcs4.i586.rpm
6aa551b36336a70ce3cc58dc073a3485 corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
50e3eefd32275cf5b651417cbc4216a1 corporate/4.0/x86_64/lib64ecpg5-8.1.10-0.1.20060mlcs4.x86_64.rpm
9d795789cc60f424e39d10a9a627fab6 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
7bc3a22a9a1c8b179223f8f300652539 corporate/4.0/x86_64/lib64pq4-8.1.10-0.1.20060mlcs4.x86_64.rpm
b4f5279bc1c028e9633ff3ae69df2e98 corporate/4.0/x86_64/lib64pq4-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
135f2583ebba8c937ef65e94cfff4b46 corporate/4.0/x86_64/postgresql-8.1.10-0.1.20060mlcs4.x86_64.rpm
b29df3a033c4f80d93166c4e075a73dc corporate/4.0/x86_64/postgresql-contrib-8.1.10-0.1.20060mlcs4.x86_64.rpm
c46e540ca5e063b53feb63e06f438f66 corporate/4.0/x86_64/postgresql-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm
49a645929b23b095d68b1343d33ed584 corporate/4.0/x86_64/postgresql-docs-8.1.10-0.1.20060mlcs4.x86_64.rpm
0bc2d6034bbdf336283afd735c141987 corporate/4.0/x86_64/postgresql-pl-8.1.10-0.1.20060mlcs4.x86_64.rpm
7ed1208bb18735772c6cecd5c005c635 corporate/4.0/x86_64/postgresql-plperl-8.1.10-0.1.20060mlcs4.x86_64.rpm
b1fe1e0863f0f7a7231146b7707b18d5 corporate/4.0/x86_64/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.x86_64.rpm
76223a8ac834672a08f8005890ac3b89 corporate/4.0/x86_64/postgresql-plpython-8.1.10-0.1.20060mlcs4.x86_64.rpm
1d755e3c55734e3a372d34f8ed1be73d corporate/4.0/x86_64/postgresql-pltcl-8.1.10-0.1.20060mlcs4.x86_64.rpm
9f65beb9255b19140e6e3e27c9ee6f55 corporate/4.0/x86_64/postgresql-server-8.1.10-0.1.20060mlcs4.x86_64.rpm
f06a3c86c59c737d944bde1eaedae166 corporate/4.0/x86_64/postgresql-test-8.1.10-0.1.20060mlcs4.x86_64.rpm
6aa551b36336a70ce3cc58dc073a3485 corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG+R9nmqjQ0CJFipgRAjkrAJ4rLVY2zOlBYaHYlYGaOb3P/tr99QCgw7+v
3mptByzoXB2Nsufxf1Onuf8=
=p4xq
-----END PGP SIGNATURE-----