A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to create a malicious trigger that, when dumped and restored, would result in additional SQL statements being executed.
Find out more about CVE-2018-16850 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the versions of postgresql as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for triggers with referecing
syntax, which was included in a later version of the program.
It also doesn't affect the versions of postgresql shipped with CloudForms 4.2, 4.5 and 4.6, and Satellite 5, for the same reason as above.
This issue did not affect the versions of postgresql shipped within Tower, as there is no code path for Tower users to call the CREATE statement.
CVSS3 Base Score | 8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql10-postgresql) | RHSA-2018:3757 | 2018-12-03 |
Platform | Package | State |
---|---|---|
Red Hat Virtualization 4 | rh-postgresql95-postgresql | Not affected |
Red Hat Virtualization 4 | postgresql | Not affected |
Red Hat Software Collections for Red Hat Enterprise Linux | rh-postgresql95-postgresql | Not affected |
Red Hat Software Collections for Red Hat Enterprise Linux | rh-postgresql96-postgresql | Not affected |
Red Hat Satellite 5 | rh-postgresql95-postgresql | Not affected |
Red Hat Enterprise Linux 7 | postgresql | Not affected |
Red Hat Enterprise Linux 6 | postgresql | Not affected |
Red Hat Enterprise Linux 5 | postgresql | Not affected |
Red Hat Ansible Tower 3 for RHEL 7 | postgresql96-libs | Not affected |