000033850 - RSA Authentication Manager 8.2 Multiple PostgreSQL Vulnerabilities - False Positive

Document created by RSA Customer Support Employee on Aug 26, 2016

Article Content

Article Number: 000033850
Applies To:
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition: 8.x
CVE ID: CVE-2016-5423, CVE-2016-5424
Article Summary:
CVE-2016-5423:
Certain nested CASE expressions can cause the server to crash.
It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution.
CVE-2016-5424:
Database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
It was found that PostgreSQL client programs mishandle database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable program. Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb.
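The injection path summarised for CVE-2016-5424 is easier to see in a small model. The Python below is an added example, not code from PostgreSQL, Red Hat or the Authentication Manager appliance. It models a dump generator that writes a psql `\connect "dbname"` line (pg_dumpall does emit such lines) and a deliberately simplified consumer that, like psql, ends a backslash meta-command at the newline and treats any other line as SQL run by the connecting superuser session. The database name, the `lowpriv` role, the payload and the rejection rule in the hardened generator are constructed for illustration; the rejection of names containing newlines or carriage returns follows the approach the fixed client tools take for this class of name.

```python
"""
Model of the pg_dumpall name-injection issue described for CVE-2016-5424.

Constructed example: not PostgreSQL's code and not anything shipped on the
RSA Authentication Manager appliance. All names and the payload are
hypothetical.
"""
import re


def quote_ident(name: str) -> str:
    """SQL identifier quoting: wrap in double quotes, double embedded quotes.

    This is sufficient for SQL, but a psql meta-command is line oriented, so
    quoting alone does not contain an embedded newline.
    """
    return '"' + name.replace('"', '""') + '"'


def is_safe_object_name(name: str) -> bool:
    """False if the name contains a newline or carriage return."""
    return re.search(r"[\r\n]", name) is None


def render_connect_naive(dbname: str) -> str:
    """Pre-fix behaviour: quotes the name but passes newlines through verbatim."""
    return f"\\connect {quote_ident(dbname)}\n"


class UnsafeObjectName(ValueError):
    """Raised by the hardened generator for names it refuses to emit."""


def render_connect_hardened(dbname: str) -> str:
    """Post-fix behaviour: refuse names a single-line meta-command cannot carry."""
    if not is_safe_object_name(dbname):
        raise UnsafeObjectName(f"object name contains a newline/CR: {dbname!r}")
    return render_connect_naive(dbname)


def run_script(script: str) -> list:
    """Simplified psql: a line starting with '\\' is a meta-command that ends at
    the newline; every other non-empty line is SQL executed by the session that
    is replaying the dump (a superuser, in the pg_dumpall scenario).
    Returns (kind, text) tuples in script order."""
    events = []
    for line in script.splitlines():
        if not line.strip():
            continue
        kind = "meta" if line.startswith("\\") else "sql"
        events.append((kind, line))
    return events


def injected_sql(script: str) -> list:
    """SQL statements the simplified consumer would execute from the script."""
    return [text for kind, text in run_script(script) if kind == "sql"]


# Constructed attacker-chosen database name. Everything after the newline lands
# at the start of a fresh line in the dump; the trailing "--" comments out the
# closing quote that the generator appends.
EVIL_DBNAME = 'app\nALTER ROLE lowpriv SUPERUSER; --'


def demo() -> None:
    naive = render_connect_naive(EVIL_DBNAME)
    print(naive)
    print("would execute as superuser:", injected_sql(naive))
    try:
        render_connect_hardened(EVIL_DBNAME)
    except UnsafeObjectName as exc:
        print("hardened generator refused the name:", exc)
    # Ordinary names with embedded double quotes are still handled by quoting.
    print(render_connect_hardened('my "db"'))


if __name__ == "__main__":
    demo()
```

Running the block shows the naive generator turning one `\connect` line into a meta-command followed by an attacker-supplied `ALTER ROLE ... SUPERUSER` statement, while the hardened generator refuses the name outright and still quotes names that merely contain double quotes.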
Link to Advisories:
CVE-2016-5423:
https://access.redhat.com/security/cve/CVE-2016-5423
https://bugzilla.redhat.com/show_bug.cgi?id=1364001
CVE-2016-5424:
https://access.redhat.com/security/cve/CVE-2016-5424
https://bugzilla.redhat.com/show_bug.cgi?id=1366346
https://www.postgresql.org/about/news/1688/
Alert Impact: Not Exploitable
Technical Details: The flaw exists but is not exploitable.
Technical Details Explanation:
CVE-2016-5423:
Response:
The flaw exists but cannot be exploited.
The AM server wraps all access to the database. The direct SQL access needed to submit a crafted CASE/WHEN statement is not exposed to users, so the crash and memory-disclosure path cannot be reached.
CVE-2016-5424:
Response:
The flaw exists but cannot be exploited.
The AM server controls access to the database accounts and tools. No non-superuser database account holding the CREATEDB or CREATEROLE privilege that the attack requires is directly accessible to anyone other than the AM server, so there is no low-privileged role from which the escalation could be staged.
Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1-800-995-5095. RSA Security LLC and its affiliates, including without limitation its ultimate parent company, EMC Corporation, distribute RSA Security Advisories in order to bring important security information to the attention of users of the affected RSA products. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or suppliers be liable for any damages whatsoever, including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
