CVE-2019-9193
CVE-2019-9193
Vexday Risk Score
84Corrigir agora
Decisão SSVC (CISA)
Act
Exploração + impacto → ação imediata
Maturidade do exploit
Exploit funcional
PoC popular no GitHub (21 estrelas) — código de exploração amplamente disponível.
CVSS —EPSS 91.9%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Ciclo de vida
20 mar 2019Exploit Metasploit disponível
01 abr 2019Publicada no NVD
08 mai 2019PoC pública
Velocidade de armamento
37 diasaté o primeiro PoC
Recomendação: Corrigir o quanto antes — há exploração ativa confirmada.
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 22
githubgithub.com/b4keSn4ke/CVE-2019-9193★ 21githubgithub.com/geniuszly/CVE-2019-9193★ 4githubgithub.com/wkjung0624/cve-2019-9193★ 3githubgithub.com/paulotrindadec/CVE-2019-9193★ 1githubgithub.com/CybersRMUTL/CVE-2019-9193-Postgresql-RCE★ 0githubgithub.com/corsisechero/CVE-2019-9193byVulHub★ 0githubgithub.com/netw0rk7/CVE-2019-9193-Home-Lab★ 0githubgithub.com/jhnhnck/CVE-2019-9193★ 0vulncheckvulncheck.com/xdb/ae385be7fbf9não verificadovulncheckvulncheck.com/xdb/d49085c8a0denão verificadovulncheckvulncheck.com/xdb/7917b63fa40fnão verificadovulncheckvulncheck.com/xdb/1736beb5bce4não verificadovulncheckvulncheck.com/xdb/18caab4f43c9não verificadocve_referencepacketstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.htmlnão verificadovulncheckvulncheck.com/xdb/acb3ad6082cbnão verificadocve_referencepacketstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/46813não verificadovulncheckvulncheck.com/xdb/6272649d9a3bnão verificadovulncheckvulncheck.com/xdb/3bde608f037cnão verificadovulncheckvulncheck.com/xdb/7163ff91f6bbnão verificadovulncheckvulncheck.com/xdb/e86cc1c8300anão verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Referências
http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.htmlhttp://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.htmlhttps://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/https://security.netapp.com/advisory/ntap-20190502-0003/https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/