CVE-2019-9193
CVE-2019-9193
Vexday Risk Score
84Corregir ahora
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
PoC popular en GitHub (21 estrellas) — código de explotación ampliamente disponible.
CVSS —EPSS 91.9%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Ciclo de vida
20 mar 2019Exploit Metasploit disponible
01 abr 2019Publicada en NVD
08 may 2019PoC pública
Velocidad de armamento
37 díashasta el primer PoC
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Productos afectados
n/a · n/aPoCs públicas encontradas — 22
githubgithub.com/b4keSn4ke/CVE-2019-9193★ 21githubgithub.com/geniuszly/CVE-2019-9193★ 4githubgithub.com/wkjung0624/cve-2019-9193★ 3githubgithub.com/paulotrindadec/CVE-2019-9193★ 1githubgithub.com/CybersRMUTL/CVE-2019-9193-Postgresql-RCE★ 0githubgithub.com/corsisechero/CVE-2019-9193byVulHub★ 0githubgithub.com/netw0rk7/CVE-2019-9193-Home-Lab★ 0githubgithub.com/jhnhnck/CVE-2019-9193★ 0vulncheckvulncheck.com/xdb/ae385be7fbf9no verificadovulncheckvulncheck.com/xdb/d49085c8a0deno verificadovulncheckvulncheck.com/xdb/7917b63fa40fno verificadovulncheckvulncheck.com/xdb/1736beb5bce4no verificadovulncheckvulncheck.com/xdb/18caab4f43c9no verificadocve_referencepacketstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.htmlno verificadovulncheckvulncheck.com/xdb/acb3ad6082cbno verificadocve_referencepacketstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/46813no verificadovulncheckvulncheck.com/xdb/6272649d9a3bno verificadovulncheckvulncheck.com/xdb/3bde608f037cno verificadovulncheckvulncheck.com/xdb/7163ff91f6bbno verificadovulncheckvulncheck.com/xdb/e86cc1c8300ano verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.htmlhttp://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.htmlhttps://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/https://security.netapp.com/advisory/ntap-20190502-0003/https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/