CVE-2018-16850

Impact:
Important
Public Date:
2018-11-08
CWE:
CWE-89
Bugzilla:
1645937: CVE-2018-16850 postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING
A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to create a malicious trigger that, when dumped and restored, would result in additional SQL statements being executed.

Find out more about CVE-2018-16850 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the versions of postgresql as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for triggers with referecing syntax, which was included in a later version of the program.

It also doesn't affect the versions of postgresql shipped with CloudForms 4.2, 4.5 and 4.6, and Satellite 5, for the same reason as above.

This issue did not affect the versions of postgresql shipped within Tower, as there is no code path for Tower users to call the CREATE statement.

CVSS v3 metrics

CVSS3 Base Score 8
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql10-postgresql) RHSA-2018:3757 2018-12-03

Affected Packages State

Platform Package State
Red Hat Virtualization 4 rh-postgresql95-postgresql Not affected
Red Hat Virtualization 4 postgresql Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql95-postgresql Not affected
Red Hat Software Collections for Red Hat Enterprise Linux rh-postgresql96-postgresql Not affected
Red Hat Satellite 5 rh-postgresql95-postgresql Not affected
Red Hat Enterprise Linux 7 postgresql Not affected
Red Hat Enterprise Linux 6 postgresql Not affected
Red Hat Enterprise Linux 5 postgresql Not affected
Red Hat Ansible Tower 3 for RHEL 7 postgresql96-libs Not affected

External References

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.