
CVE-2019-10128 : Security Advisory and Response

Learn about CVE-2019-10128, which affects PostgreSQL versions earlier than 11.3: the impact, affected systems, exploitation mechanism and mitigation steps.

PostgreSQL versions earlier than 11.3 have a vulnerability that allows unauthorized access to files in the data directory, potentially leading to arbitrary code execution.

Understanding CVE-2019-10128

What is CVE-2019-10128?

PostgreSQL versions prior to 11.3 are affected by a vulnerability in the Windows installer provided by EnterpriseDB. Because of it, local malicious actors can gain unauthorized access to files in the data directory.

The Impact of CVE-2019-10128

The vulnerability enables attackers to circumvent read access restrictions imposed by the database, potentially leading to unauthorized data access and arbitrary code execution.

Technical Details of CVE-2019-10128

Vulnerability Description

        The Windows installer for PostgreSQL does not properly secure the Access Control List (ACL) of the installation and data directories.
        The default configuration leaves the ACL inherited from the parent directory in place, so local users who should have no access to the data directory can still reach its files.

Affected Systems and Versions

        Product: PostgreSQL
        Versions Affected: 11.x prior to 11.3

Exploitation Mechanism

        A local user with an unprivileged Windows account and an unprivileged PostgreSQL account can use the inherited directory permissions to execute arbitrary code as the PostgreSQL service account.

Mitigation and Prevention

Immediate Steps to Take

        Upgrade PostgreSQL to version 11.3 or later to mitigate the vulnerability.
        Restrict access to the PostgreSQL data directory to authorized users only, in particular by removing inherited ACL entries that grant access to ordinary local users.

Long-Term Security Practices

        Regularly monitor and audit access controls and permissions on PostgreSQL directories.
        Implement the principle of least privilege to limit access to sensitive directories.
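The directory-ACL audit and restriction described above, as an added PowerShell example that is not part of this advisory or of the PostgreSQL project's own tooling. The data directory path, the service account name and the -Remediate switch are assumptions; run the audit first and confirm the account the PostgreSQL service actually runs as before remediating.

```powershell
# Added example (not from the advisory or the PostgreSQL project): audits the ACL of a
# PostgreSQL data directory for inherited or broad-access entries and optionally hardens it.
# Assumptions: $DataDir and $ServiceAccount are placeholders for the real installation.
param(
    [string]$DataDir = 'C:\Program Files\PostgreSQL\11\data',   # assumed path
    [string]$ServiceAccount = 'NT AUTHORITY\NetworkService',    # assumed service account
    [switch]$Remediate
)

# Principals that should never hold any access to the data directory.
$broadPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

$acl = Get-Acl -Path $DataDir
$findings = foreach ($ace in $acl.Access) {
    $isBroad = $broadPrincipals -contains $ace.IdentityReference.Value
    if ($ace.IsInherited -or $isBroad) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Broad     = $isBroad
        }
    }
}

if (-not $findings) {
    Write-Output "OK: no inherited or broad-access entries on $DataDir"
} else {
    Write-Output "FINDINGS on $DataDir (inherited or broad-access entries):"
    $findings | Format-Table -AutoSize
}

if ($Remediate -and $findings) {
    # Stop inheriting from the parent and drop the inherited entries, clear any
    # explicit entries, then grant access only to SYSTEM, Administrators and the service account.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    foreach ($id in @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $ServiceAccount)) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $DataDir -AclObject $acl
    Write-Output "Remediated: inheritance disabled, explicit ACL applied to $DataDir"
}
```

If $ServiceAccount does not match the account the PostgreSQL service runs as, remediation will lock the service out of its own data directory, so verify it (for example via the service's properties) before using -Remediate.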

Patching and Updates

        Stay informed about security updates and patches released by PostgreSQL.
