Showing 1 - 25 of 28

CVE-2024-0985

Status Candidate

Overview

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.

Related Files

Red Hat Security Advisory 2024-1437-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1437-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | dfebe176f38fa6bcef3672bc745db4d92b72ebce8be5d150100f167f9f271c10
Red Hat Security Advisory 2024-1429-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1429-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 2522fe7edd6db40ae154702b98232c14b92b45092126cd45c993310a55e8a00e
Red Hat Security Advisory 2024-1428-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1428-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 6e893f3c525f667394087eddee3094bfd9d00f348f45e3b7b05d7ebe5e7cfc90
Red Hat Security Advisory 2024-1426-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1426-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | b0df5fb53b3fae00a8726aca42978fae4078b0f6ce5cdffe48faac27d87bfde5
Red Hat Security Advisory 2024-1422-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1422-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 4104962a5b110a017d0339249c1fbb6b16376a1637727810256f0c1521163605
Red Hat Security Advisory 2024-1348-03
Posted Mar 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1348-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 12701665c8c4af8ea9bd2661fc2d37419a7c25ffe7d92d76c953ecc21c5ad46d
Red Hat Security Advisory 2024-1315-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 5c07e13176e7ba3129760645563207929dd20831c991cd82a0e00a19a17b4cf7
Red Hat Security Advisory 2024-1314-03
Posted Mar 14, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 8a03f568fa207cd9a133487dff3b0fecd855fa1c24625d76f411122c04366cda
Ubuntu Security Notice USN-6656-2
Posted Mar 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-0985
SHA-256 | f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00a
Red Hat Security Advisory 2024-1241-03
Posted Mar 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 81d2e122dc4f561137a9b81b946b42b852b49443e32cf555393ddaa2ef23712c
Red Hat Security Advisory 2024-1240-03
Posted Mar 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 6b964382136a6cad5b64f9d306d6ae21eafe4cae72e58a1b42de308fd2dea2d7
Red Hat Security Advisory 2024-1195-03
Posted Mar 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1195-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 4a62e85d2e9335b31b753b1873c375b17d09631d47a9bc05cabe94644bfe396a
Red Hat Security Advisory 2024-1071-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1071-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 79a9d44b067e4c67a5f18aae0374153639c89df087d301677ddd2404688b0f5c
Red Hat Security Advisory 2024-1070-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1070-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | a538b8c668e04bbc4b2044ace9bb19d9a60d7b1ab22aa75cb10fa90a33ac49e1
Red Hat Security Advisory 2024-1069-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1069-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 58ebc3da7e09fa29607d3274dd47383574689f6a1e09fb041b094c6f25116f2e
Red Hat Security Advisory 2024-1017-03
Posted Feb 28, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1017-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 29be14ea47ab8b6d96708949fab46ba7e2371eac9de3350da2baa61c6f3614cb
Ubuntu Security Notice USN-6656-1
Posted Feb 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-0985
SHA-256 | 6797b8612873d00de8c6c855d9749b296bac7e6a4b0d216f58b119fed0c03bc5
Red Hat Security Advisory 2024-0992-03
Posted Feb 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | d6291af2df11e1db19f24e8b3717ba073eecc78193f560216049e340c1f231d4
Red Hat Security Advisory 2024-0990-03
Posted Feb 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | d7e0c3662d4c5cdf8cbd95caaf0b209a2a72cbef6382b66a3c90aa289c3539ae
Red Hat Security Advisory 2024-0988-03
Posted Feb 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | cf1570a55af5e2f79fae721d9d6919a1dfcb85452725c14be5f2f5a70571b435
Red Hat Security Advisory 2024-0975-03
Posted Feb 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | ddf60dfaa3f3452387d7bfcf21f571ae1d26d1bf7cf7a72a8d71c0a0d3a835c1
Red Hat Security Advisory 2024-0974-03
Posted Feb 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 842781035254527f8ff0ecbcc051b98ba3eea1028d55d9afe079785c57cd7499
Red Hat Security Advisory 2024-0973-03
Posted Feb 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0973-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | a0d2297705d3944795570778d0a22295e7da472a206f0f636066882682876e74
Red Hat Security Advisory 2024-0956-03
Posted Feb 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0956-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 311233ac529890b8d5ce5648b57f3872bbfec1a10f16420e774f8d60dd399c4a
Red Hat Security Advisory 2024-0951-03
Posted Feb 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-0985
SHA-256 | 214553eadea691b45f4cbb9f31d8593002013312ec8243315ad28d3e92541add