CVE-2019-10164: Critical Security Issue in PostgreSQL


Severity

High

Vendor

Pivotal Cloud Foundry

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
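The overflow described above, as an added example that is neither PostgreSQL's code nor part of this advisory. The upstream fix in 10.9 and 11.4 addressed unchecked decoding of a user-supplied SCRAM-SHA-256 password verifier: a role may set its own password to a pre-computed verifier string, and the base64 key fields of that string were decoded into fixed-size stack buffers without comparing the decoded length to the buffer. The C below shows that pattern beside a hardened parser that validates the length before a single byte is written. The helper names, the single-field input (only the StoredKey field, not the whole verifier) and the sample fields are assumptions made for this illustration.

```c
/*
 * Added illustration of the bug class behind CVE-2019-10164.  Not PostgreSQL
 * source: function names, the single-field input and the sample data are
 * assumptions made for the example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32  /* SHA-256 digest size: a SCRAM-SHA-256 StoredKey/ServerKey */

/* Constructed sample fields: base64 of bytes 0x00..0x1f (32 bytes, valid)
 * and of 48 zero bytes (too long for the stack buffer). */
static const char EXAMPLE_STORED_KEY[] = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=";
static const char OVERSIZED_FIELD[] =
    "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA";

/* One base64 character to its 6-bit value, -1 if it is not a base64 digit. */
static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Exact decoded byte count of a padded base64 string, or -1 if malformed.
 * Computed from the input alone, so it can be checked before decoding. */
static int b64_decoded_len(const char *in, size_t in_len)
{
    size_t pad = 0;
    if (in_len == 0 || in_len % 4 != 0)
        return -1;
    if (in[in_len - 1] == '=') {
        pad = 1;
        if (in[in_len - 2] == '=')
            pad = 2;
    }
    return (int)(in_len / 4 * 3 - pad);
}

/* Unbounded decoder: writes every byte the input yields and returns the count,
 * or -1 on a bad character.  Sizing `out` is entirely the caller's job, which
 * is exactly what the vulnerable caller below forgets. */
static int b64_decode(const char *in, size_t in_len, uint8_t *out)
{
    uint32_t acc = 0;
    int bits = 0, n = 0;
    for (size_t i = 0; i < in_len && in[i] != '='; i++) {
        int v = b64_val(in[i]);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return n;
}

/* VULNERABLE: the attacker-chosen field is decoded straight into a 32-byte
 * stack array.  Only bad characters are rejected; a field that decodes to
 * more than 32 bytes overwrites whatever lies above `stored_key` on the stack. */
int parse_stored_key_unsafe(const char *field, uint8_t *out)
{
    uint8_t stored_key[KEY_LEN];
    int len = b64_decode(field, strlen(field), stored_key);
    if (len < 0)
        return -1;
    memcpy(out, stored_key, KEY_LEN);
    return 0;
}

/* HARDENED: refuse anything that would not decode to exactly KEY_LEN bytes,
 * decided from the input before any byte is written, then re-check the
 * length the decoder actually produced (a '=' in the middle shortens it). */
int parse_stored_key_safe(const char *field, uint8_t *out)
{
    size_t n = strlen(field);
    uint8_t stored_key[KEY_LEN];
    if (b64_decoded_len(field, n) != KEY_LEN)
        return -1;                               /* malformed verifier */
    if (b64_decode(field, n, stored_key) != KEY_LEN)
        return -1;                               /* bad character or stray '=' */
    memcpy(out, stored_key, KEY_LEN);
    return 0;
}

int main(void)
{
    uint8_t key[KEY_LEN];
    const char *fields[] = { EXAMPLE_STORED_KEY, OVERSIZED_FIELD };
    for (int i = 0; i < 2; i++) {
        int dec = b64_decoded_len(fields[i], strlen(fields[i]));
        printf("field decodes to %d bytes: hardened parser %s it; the unsafe parser "
               "would write all %d bytes into a %d-byte stack array\n",
               dec, parse_stored_key_safe(fields[i], key) == 0 ? "accepts" : "rejects",
               dec, KEY_LEN);
    }
    return 0;
}
```

The unsafe parser is kept only to show the missing check; the program never feeds it the oversized field, because doing so is the memory corruption the advisory describes. Accepting a pre-hashed verifier as a password is a legitimate feature (it is how dumped roles are restored with their existing passwords), so the fix is validating the field lengths, not removing that path.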

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • BOSH v268.2.x versions prior to v268.2.7
  • BOSH v268.6.x versions prior to v268.6.4
  • BOSH v269.0.x versions prior to v269.0.5
  • Pivotal Ops Manager 2.4.x versions prior to 2.4.17
  • Pivotal Ops Manager 2.5.x versions prior to 2.5.12
  • Pivotal Ops Manager 2.6.x versions prior to 2.6.6
  • UAA v73.x versions prior to v73.4.2

Mitigation

Users of affected versions should upgrade to a release that contains the fix:

  • Releases that have fixed this issue include:
    • BOSH v268.2.7
    • BOSH v268.6.4
    • BOSH v269.0.5
    • Pivotal Ops Manager 2.4.17
    • Pivotal Ops Manager 2.5.12
    • Pivotal Ops Manager 2.6.6
    • UAA v73.4.2

References

History

2019-08-20: Initial vulnerability report published.