6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.9%
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 to execute arbitrary SQL commands in the context of the user used for replication. (CVE-2020-14349)
It was found that some PostgreSQL extensions did not use search_path safely in their installation scripts. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such an extension. (CVE-2020-14350)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Plugin registration block. It runs only when `description` is set, records
# the plugin's metadata (identity, advisory text, scoring, CPEs, dependencies)
# and then exits, so none of the host checks after this block execute in that
# mode.
if (description)
{
# Plugin identity and revision; the two CVEs this advisory check covers.
script_id(141004);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/12");
script_cve_id("CVE-2020-14349", "CVE-2020-14350");
script_name(english:"EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2156)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
# Advisory text as shown to the user. Both issues are search_path handling
# flaws: one during logical replication, one in extension install scripts.
script_set_attribute(attribute:"description", value:
"According to the versions of the postgresql packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- It was found that PostgreSQL versions before 12.4,
before 11.9 and before 10.14 did not properly sanitize
the search_path during logical replication. An
authenticated attacker could use this flaw in an attack
similar to CVE-2018-1058, in order to execute arbitrary
SQL command in the context of the user used for
replication.(CVE-2020-14349)
- It was found that some PostgreSQL extensions did not
use search_path safely in their installation script. An
attacker with sufficient privileges could use this flaw
to trick an administrator into executing a specially
crafted script, during the installation or update of
such extension.(CVE-2020-14350)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2156
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?98abf27e");
script_set_attribute(attribute:"solution", value:
"Update the affected postgresql packages.");
# Scoring is hard-coded here. Per the *_score_source attributes below, the
# CVSS v2 vector is the one for CVE-2020-14349 and the CVSS v3 vector is the
# one for CVE-2020-14350, so the two scores describe different flaws.
# NOTE(review): other sources may publish different vectors for these CVEs;
# compare the vector strings, not just the numeric score, when triaging.
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14349");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-14350");
# Exploit availability is a static value recorded in the plugin (last
# modified 2022/05/12 per the attribute above); it is not re-evaluated at
# scan time.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/29");
# "local" plugin type: the check below works from KB data gathered on the
# host (see the required keys), not from probing the PostgreSQL service.
script_set_attribute(attribute:"plugin_type", value:"local");
# One CPE per postgresql sub-package named in the advisory, plus the OS CPE.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-plpython");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Depends on ssh_get_info.nasl and on the KB keys it is expected to populate
# (presumably via an authenticated SSH session; that script is not shown).
# Without local checks enabled and an RPM list, the plugin cannot evaluate
# the host.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts that report a UVP version are excluded from this plugin.
script_exclude_keys("Host/EulerOS/uvp_version");
# Registration is complete; stop before the host checks.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host-side package audit for EulerOS-SA-2020-2156.
#
# The verdict is based purely on installed RPM builds: nothing below inspects
# the PostgreSQL configuration, so a finding does not tell you whether logical
# replication is in use or whether any extension was installed or updated by
# an administrator. Treat a hit as "package build is behind the advisory",
# then assess exposure separately.

# Local (authenticated) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Platform gate 1: the release string must identify EulerOS 2.0.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}
if (release !~ "^EulerOS release 2\.0(\D|$)")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0");
}

# Platform gate 2: service pack must be exactly 8.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
}

# Platform gate 3: hosts reporting a UVP version are out of scope here.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: unknown architectures and anything other than
# x86_64 / i386-i686 / aarch64 are rejected first; after that, only aarch64
# hosts continue to the package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu &&
    cpu !~ "^i[3-6]86$" &&
    "aarch64" >!< cpu)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}
if ("aarch64" >!< cpu)
{
  audit(AUDIT_ARCH_NOT, "aarch64", cpu);
}

# Reference builds passed to rpm_check(), one per postgresql sub-package.
# NOTE(review): these are presumably the fixed builds from the advisory;
# rpm_check() is defined in rpm.inc (not shown), so confirm the comparison
# semantics there.
flag = 0;
pkgs = [
  "postgresql-10.5-3.h10.eulerosv2r8",
  "postgresql-contrib-10.5-3.h10.eulerosv2r8",
  "postgresql-devel-10.5-3.h10.eulerosv2r8",
  "postgresql-docs-10.5-3.h10.eulerosv2r8",
  "postgresql-libs-10.5-3.h10.eulerosv2r8",
  "postgresql-plperl-10.5-3.h10.eulerosv2r8",
  "postgresql-plpython-10.5-3.h10.eulerosv2r8",
  "postgresql-pltcl-10.5-3.h10.eulerosv2r8",
  "postgresql-server-10.5-3.h10.eulerosv2r8",
  "postgresql-test-10.5-3.h10.eulerosv2r8"
];

# Count every reference package for which rpm_check() reports a hit.
foreach (pkg in pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg))
  {
    flag += 1;
  }
}

if (!flag)
{
  # Nothing flagged: distinguish "packages present but not affected" from
  # "postgresql not installed at all".
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
  }
}
else
{
  # At least one package was flagged: emit a single warning-level finding on
  # port 0 carrying the RPM report text.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | postgresql-plpython | p-cpe:/a:huawei:euleros:postgresql-plpython |
huawei | euleros | postgresql-server | p-cpe:/a:huawei:euleros:postgresql-server |
huawei | euleros | postgresql-docs | p-cpe:/a:huawei:euleros:postgresql-docs |
huawei | euleros | postgresql-devel | p-cpe:/a:huawei:euleros:postgresql-devel |
huawei | euleros | postgresql-libs | p-cpe:/a:huawei:euleros:postgresql-libs |
huawei | euleros | postgresql-contrib | p-cpe:/a:huawei:euleros:postgresql-contrib |
huawei | euleros | postgresql | p-cpe:/a:huawei:euleros:postgresql |
huawei | euleros | postgresql-test | p-cpe:/a:huawei:euleros:postgresql-test |
huawei | euleros | postgresql-pltcl | p-cpe:/a:huawei:euleros:postgresql-pltcl |
huawei | euleros | postgresql-plperl | p-cpe:/a:huawei:euleros:postgresql-plperl |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.9%