Severity Rating: HIGH
Software Affected
• Windows installer for PostgreSQL versions 12.3, 11.8, 10.13, 9.6.18, and 9.5.22
Overview 
A vulnerability has been reported in PostgreSQL which could be exploited by
an attacker to execute arbitrary code on a targeted system. 

Description
This vulnerability exists in the PostgreSQL installer for Windows due to
failure to use fully-qualified paths for invoking system-provided
executables. An attacker could exploit this vulnerability by tricking a
user into installing PostgreSQL from a directory that contains malicious files.

Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code with the privileges of the PostgreSQL installer on
the targeted system.
Note: This vulnerability affects the Windows installer only.
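
The following is an added example, not code from PostgreSQL or from the original advisory. It shows a pre-install check that flags files in a download directory whose names collide with system-provided executables, alongside a helper that builds the fully-qualified path an installer should use. The directory names and tool names (cmd.exe, net.exe) are constructed stand-ins, not the list of programs the installer actually invokes.

```python
import os
import tempfile

# Extensions Windows tries when a command is invoked by bare name (subset of PATHEXT).
EXEC_EXTS = {".com", ".exe", ".bat", ".cmd"}

def _exec_stem(filename):
    """Return the lower-cased stem if filename looks executable, else None."""
    stem, ext = os.path.splitext(filename)
    return stem.lower() if ext.lower() in EXEC_EXTS else None

def find_shadowing_files(installer_dir, system_dir):
    """List files in installer_dir that a bare-name lookup could pick up
    in place of an executable that lives in system_dir."""
    system_stems = {_exec_stem(n) for n in os.listdir(system_dir)} - {None}
    return sorted(n for n in os.listdir(installer_dir)
                  if _exec_stem(n) in system_stems)

def qualified_tool_path(name, system_dir):
    """Hardened invocation form: absolute path under system_dir, never a bare name."""
    if not name or any(sep in name for sep in "/\\"):
        raise ValueError("tool name must be a plain file name")
    path = os.path.join(os.path.abspath(system_dir), name)
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    return path

def demo():
    """Run both checks against constructed directories (no real system files)."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")
        downloads = os.path.join(root, "Downloads")
        os.makedirs(system_dir)
        os.makedirs(downloads)
        for n in ("cmd.exe", "net.exe"):            # constructed stand-ins
            open(os.path.join(system_dir, n), "w").close()
        for n in ("installer.exe", "CMD.COM", "net.exe", "readme.txt"):
            open(os.path.join(downloads, n), "w").close()
        hits = find_shadowing_files(downloads, system_dir)
        tool = qualified_tool_path("cmd.exe", system_dir)
        return hits, os.path.dirname(tool) == os.path.abspath(system_dir)

if __name__ == "__main__":
    print(demo())
```

On a real Windows host the two arguments would be the folder holding the downloaded installer and the System32 directory under %SystemRoot%; any hit is a reason to move the installer to an empty directory before running it.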

Solution
Apply appropriate updates as mentioned in: 

Vendor Information
PostgreSQL.org

References
PostgreSQL.org
CybersecurityHelp
Vulmon

CVE Name
CVE-2020-10733
