Vigil@nce: PostgreSQL, information disclosure
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can obtain information on data of a table that he
cannot read.
Gravity: 1/4
Consequences: data reading
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 11/03/2009
IMPACTED PRODUCTS
– PostgreSQL
DESCRIPTION OF THE VULNERABILITY
Privileges granted on a table can be defined by the administrator:
SELECT, UPDATE, DELETE, etc. An attacker without the SELECT
privilege on a table can in some cases obtain information.
When a user does not have the SELECT privilege on a table, but has
the UPDATE or DELETE privilege, and if this table has a unique
constraint, then the insertion of a duplicate record generates an
error. He can thus deduct that the key was already in the unique
index. [grav:1/4]
When a user does not have the SELECT privilege on a table, but has
the UPDATE or DELETE privilege on another table with constraint,
then deleting a record in the second table fails because of a
"foreign key" constraint. He can thus deduct that there is a
record in the first table associated to this key. [grav:1/4]
When a user does not have the SELECT privilege on a table with a
primary/indexed key containing sensitive information, he can use
EXPLAIN to obtain statistitic in its data. [grav:1/4]
An attacker can thus obtain information on data of a table that he
cannot read.
CHARACTERISTICS
Identifiers: BID-34069, VIGILANCE-VUL-8529
http://vigilance.fr/vulnerability/PostgreSQL-information-disclosure-8529