Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS8_RHSA-2020-5620.NASLHistoryFeb 01, 2021 - 12:00 a.m.
CentOS 8 : postgresql:12 (CESA-2020:5620)
2021-02-0100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.3%
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5620 advisory.
-
postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)
-
postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)
-
postgresql: ALTER … DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)
-
postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
-
postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)
-
postgresql: psql’s \gset allows overwriting specially treated variables (CVE-2020-25696)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Red Hat Security Advisory RHSA-2020:5620. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(146002);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/08");
script_cve_id(
"CVE-2020-1720",
"CVE-2020-14349",
"CVE-2020-14350",
"CVE-2020-25694",
"CVE-2020-25695",
"CVE-2020-25696"
);
script_xref(name:"RHSA", value:"2020:5620");
script_name(english:"CentOS 8 : postgresql:12 (CESA-2020:5620)");
script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
CESA-2020:5620 advisory.
- postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)
- postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)
- postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)
- postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
- postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)
- postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:5620");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25696");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-25695");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/13");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:pgaudit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgres-decoderbufs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plpython3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-server-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-test-rpm-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-upgrade");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-upgrade-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CentOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);
if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);
var module_ver = get_kb_item('Host/RedHat/appstream/postgresql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');
if ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);
var appstreams = {
'postgresql:12': [
{'reference':'pgaudit-1.4.0-4.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pgaudit-1.4.0-4.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgres-decoderbufs-0.10.0-2.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgres-decoderbufs-0.10.0-2.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plperl-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plperl-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plpython3-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-plpython3-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pltcl-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pltcl-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-devel-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-devel-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-static-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-static-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-rpm-macros-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-rpm-macros-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-devel-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-upgrade-devel-12.5-1.module_el8.3.0+620+f1abd701', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
appstreams_found = 0;
foreach module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / postgres-decoderbufs / postgresql / postgresql-contrib / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | postgresql-upgrade-devel | p-cpe:/a:centos:centos:postgresql-upgrade-devel |
| centos | centos | postgresql-contrib | p-cpe:/a:centos:centos:postgresql-contrib |
| centos | centos | postgresql | p-cpe:/a:centos:centos:postgresql |
| centos | centos | postgresql-pltcl | p-cpe:/a:centos:centos:postgresql-pltcl |
| centos | centos | 8 | cpe:/o:centos:centos:8 |
| centos | centos | postgresql-server-devel | p-cpe:/a:centos:centos:postgresql-server-devel |
| centos | centos | postgresql-server | p-cpe:/a:centos:centos:postgresql-server |
| centos | centos | postgresql-test | p-cpe:/a:centos:centos:postgresql-test |
| centos | centos | postgresql-docs | p-cpe:/a:centos:centos:postgresql-docs |
| centos | centos | postgresql-plperl | p-cpe:/a:centos:centos:postgresql-plperl |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25696
access.redhat.com/errata/RHSA-2020:5620
Related
redhat
redhat
(RHSA-2020:5620) Important: postgresql:12 security update
2020-12-17 15:30:10
(RHSA-2021:0163) Important: postgresql:12 security update
2021-01-18 09:18:11
(RHSA-2021:0161) Important: postgresql:10 security update
2021-01-18 09:12:23
nessus
nessus
RHEL 8 : postgresql:12 (RHSA-2021:0163)
2021-01-18 00:00:00
RHEL 8 : postgresql:12 (RHSA-2020:5620)
2020-12-18 00:00:00
SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1)
2020-12-09 00:00:00
almalinux
almalinux
Important: postgresql:12 security update
2020-12-17 15:30:10
Important: postgresql:9.6 security update
2020-12-17 15:20:53
Important: postgresql:10 security update
2020-12-16 08:03:04
osv
osv
Important: postgresql:12 security update
2020-12-17 15:30:10
Important: postgresql:12 security update
2020-12-17 15:30:10
postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
2020-11-17 13:03:44
rocky
rocky
postgresql:12 security update
2020-12-17 15:30:10
oraclelinux
oraclelinux
postgresql:12 security update
2020-12-23 00:00:00
postgresql:10 security update
2020-12-22 00:00:00
postgresql:9.6 security update
2020-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33
2021-02-26 01:10:06
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3630-1)
2021-04-19 00:00:00
Fedora: Security Advisory for postgresql (FEDORA-2021-3286ac2acc)
2021-02-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3463-1)
2021-06-09 00:00:00
suse
suse
Security update for postgresql12 (important)
2020-11-26 00:00:00
Security update for postgresql12 (important)
2020-11-26 00:00:00
Security update for postgresql, postgresql13 (moderate)
2021-02-24 00:00:00
altlinux
altlinux
archlinux
archlinux
[ASA-202011-14] postgresql: multiple issues
2020-11-17 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2020-11-17 00:00:00
PostgreSQL vulnerabilities
2020-08-25 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2020-12-07 00:00:00
PostgreSQL: Multiple vulnerabilities
2020-08-26 00:00:00
amazon
amazon
Important: postgresql95, postgresql96
2021-01-12 22:52:00
Important: postgresql92
2021-07-08 18:38:00
kaspersky
kaspersky
KLA12005 Multiple vulnerabilities in PostgreSQL
2020-11-12 00:00:00
debian
debian
[SECURITY] [DLA 2478-1] postgresql-9.6 security update
2020-12-02 11:04:53
mageia
mageia
Updated postgresql packages fix security vulnerabilities
2020-11-21 15:21:00
photon
photon
f5
f5
K53632470 : PostgreSQL vulnerabilities CVE-2020-25694, CVE-2020-25695
2021-01-06 00:00:00
centos
centos
postgresql security update
2021-06-14 18:54:03
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.3%
Related for CENTOS8_RHSA-2020-5620.NASL