PostgreSQL database fixes “persistent denial-of-service” bug
Courtesy Dan Goodin, Ars Technica
Maintainers of the PostgreSQL open-source database have patched a vulnerability that allowed attackers to corrupt files and, in some cases, execute malicious code on the underlying servers.
The bug, categorized as CVE-2013-1899, opened users to "persistent denial-of-service" attacks, in which unauthenticated hackers could corrupt files in a way that caused the database server to crash and refuse to reboot. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable.
The bug also allowed limited users of a PostgreSQL database to escalate their privileges when the server was configured in a way that assigned the same name to a user and a database. When those conditions are met "then this vulnerability may be used to temporarily set one configuration variable with the privileges of the superuser," PostgreSQL maintainers wrote. Users who additionally had the ability to save files to the system could go on to execute malicious code, except in cases where the database is running on a system with SELinux.
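The precondition described above, a database that shares its name with a role, can be audited directly from the system catalogs. The query below is an added example, not part of the article or of the PostgreSQL advisory; it assumes only the standard pg_database and pg_roles catalogs and can be run with psql by any user allowed to read them.

```sql
-- Added example (not from the article): list every non-template database
-- whose name matches an existing role, the configuration the advisory ties
-- to the privilege-escalation path of CVE-2013-1899.
SELECT d.datname   AS database_name,
       r.rolname   AS matching_role,
       r.rolsuper  AS role_is_superuser,   -- a superuser match widens the impact
       version()   AS server_version       -- compare against the patched 9.0/9.1/9.2 releases
FROM   pg_catalog.pg_database d
JOIN   pg_catalog.pg_roles    r ON r.rolname = d.datname
WHERE  NOT d.datistemplate
ORDER  BY d.datname;
```

An empty result means no database/role name pair exists; any row returned identifies a deployment that should be patched first and, where practical, have the role or database renamed.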
The vulnerability was reported to maintainers on March 12. More details are available in this advisory.