25731 : PostgreSQL Single Quote Escaping Filter Bypass
Printer | http://osvdb.org/25731 | Email This | Edit Vulnerability

Views This Week

Views All Time

551

Info

Last Modified

about 1 year ago

Percent Complete

90%

Disclosure

May 24, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

rPath Security Advisory: 2006-0080-1

Description

PostgreSQL contains a flaw that may allow a malicious user to bypass security restrictions and execute arbitrary SQL commands. The issue is triggered due to an error when escaping ASCII single quote "'" characters (by turning them into "\'") and operating in multibyte encodings (e.g. SJIS, BIG5, GBK, GB18030, or UHC) that allow using the "0x5c" ASCII code (backslash) as the trailing byte of a multibyte character. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality and integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Upgrade to version 7.3.15, 7.4.13, 8.0.8, 8.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

PostgreSQL, Inc.	PostgreSQL	8.1.3
		8.0.7
		7.4.12
		7.3.14

References

CVE ID: 2006-2314 (see also: NVD)
Secunia Advisory ID: 20231 20232 20303 20314 20435 20451 20503 20555 20653 20782 21001 21749
Related OSVDB ID: 25730
FrSIRT Advisory: ADV-2006-1941
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html
http://lists.suse.com/archive/suse-security-announce/2006-Sep/0001.html
http://www.gentoo.org/security/en/glsa/glsa-200607-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:098
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0584.html
http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php
Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1494281&group_id=85788&a ......
http://www.postgresql.org/docs/techdocs.52
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
http://www.trustix.org/errata/2006/0032/
http://www.ubuntu.com/usn/usn-288-1
http://www.us.debian.org/security/2006/dsa-1087
Vendor URL: http://www.logicalware.org/
RedHat RHSA: RHSA-2006:0526
Keyword: rPath Security Advisory: 2006-0080-1

Tools & Filters

Nessus	21595 21613 21670 22011 22629 24111 24112 27200 27400 27402 27656 27858 27859

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

PostgreSQL, Inc.

PostgreSQL

References

Tools & Filters

Credit

Blogs

Comments