what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2016-5424

Status Candidate

Overview

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Related Files

Red Hat Security Advisory 2017-2425-01
Posted Aug 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2425-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424, CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
SHA-256 | ca8ad47d3f723a61273cac1700b53c8711537097c80d0745760b2136039712be
Gentoo Linux Security Advisory 201701-33
Posted Jan 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-33 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.5.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-5288, CVE-2015-5289, CVE-2016-0766, CVE-2016-0773, CVE-2016-5423, CVE-2016-5424
SHA-256 | 5c1835ce9d97c2296528f8ac7307f5177d1c964c2ef3bec50562a53e37dcd826
Red Hat Security Advisory 2016-2606-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2606-02 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | c99a6f532bfabc4533d530b609b0c740b77fe5e55545d92a489c34090bde5b63
Red Hat Security Advisory 2016-1821-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1821-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | a1daa7d26bd9b517de4ebaef6d4ee6539c7d30d459adc3616fd1d5f50494d8cd
Red Hat Security Advisory 2016-1820-01
Posted Sep 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1820-01 - PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 1dbb7512ec7de27e0db8351cc57920e4be83a979a014fc97b97b377f755950f1
Red Hat Security Advisory 2016-1781-01
Posted Aug 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1781-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 9345dc2c41d8927ec523db65c6d7145025cd5746f563f0a1360ea20e8f699bf1
Ubuntu Security Notice USN-3066-1
Posted Aug 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3066-1 - Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | 631180ab4ac8959cbc1fc2b1f193d4d9ef8f6361d6b3551a0853508b741abaf4
Debian Security Advisory 3646-1
Posted Aug 12, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3646-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-5423, CVE-2016-5424
SHA-256 | c3df4bfd752b1d252e7675808c819927ea0b15f3eb6c0f17bde3866accb51401
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close