Showing 1 - 25 of 28

CVE-2024-0985

Status Candidate

Overview

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.

Related Files

Red Hat Security Advisory 2024-1437-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1437-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | dfebe176f38fa6bcef3672bc745db4d92b72ebce8be5d150100f167f9f271c10; Download | Favorite | View

Red Hat Security Advisory 2024-1429-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1429-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 2522fe7edd6db40ae154702b98232c14b92b45092126cd45c993310a55e8a00e; Download | Favorite | View

Red Hat Security Advisory 2024-1428-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1428-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 6e893f3c525f667394087eddee3094bfd9d00f348f45e3b7b05d7ebe5e7cfc90; Download | Favorite | View

Red Hat Security Advisory 2024-1426-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1426-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | b0df5fb53b3fae00a8726aca42978fae4078b0f6ce5cdffe48faac27d87bfde5; Download | Favorite | View

Red Hat Security Advisory 2024-1422-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1422-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 4104962a5b110a017d0339249c1fbb6b16376a1637727810256f0c1521163605; Download | Favorite | View

Red Hat Security Advisory 2024-1348-03: Posted Mar 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1348-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 12701665c8c4af8ea9bd2661fc2d37419a7c25ffe7d92d76c953ecc21c5ad46d; Download | Favorite | View

Red Hat Security Advisory 2024-1315-03: Posted Mar 14, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 5c07e13176e7ba3129760645563207929dd20831c991cd82a0e00a19a17b4cf7; Download | Favorite | View

Red Hat Security Advisory 2024-1314-03: Posted Mar 14, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 8a03f568fa207cd9a133487dff3b0fecd855fa1c24625d76f411122c04366cda; Download | Favorite | View

Ubuntu Security Notice USN-6656-2: Posted Mar 12, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, ubuntu; advisories | CVE-2024-0985; SHA-256 | f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00a; Download | Favorite | View

Red Hat Security Advisory 2024-1241-03: Posted Mar 12, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 81d2e122dc4f561137a9b81b946b42b852b49443e32cf555393ddaa2ef23712c; Download | Favorite | View

Red Hat Security Advisory 2024-1240-03: Posted Mar 12, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 6b964382136a6cad5b64f9d306d6ae21eafe4cae72e58a1b42de308fd2dea2d7; Download | Favorite | View

Red Hat Security Advisory 2024-1195-03: Posted Mar 7, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1195-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 4a62e85d2e9335b31b753b1873c375b17d09631d47a9bc05cabe94644bfe396a; Download | Favorite | View

Red Hat Security Advisory 2024-1071-03: Posted Mar 5, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1071-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 79a9d44b067e4c67a5f18aae0374153639c89df087d301677ddd2404688b0f5c; Download | Favorite | View

Red Hat Security Advisory 2024-1070-03: Posted Mar 5, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1070-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | a538b8c668e04bbc4b2044ace9bb19d9a60d7b1ab22aa75cb10fa90a33ac49e1; Download | Favorite | View

Red Hat Security Advisory 2024-1069-03: Posted Mar 5, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1069-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 58ebc3da7e09fa29607d3274dd47383574689f6a1e09fb041b094c6f25116f2e; Download | Favorite | View

Red Hat Security Advisory 2024-1017-03: Posted Feb 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1017-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 29be14ea47ab8b6d96708949fab46ba7e2371eac9de3350da2baa61c6f3614cb; Download | Favorite | View

Ubuntu Security Notice USN-6656-1: Posted Feb 27, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-0985; SHA-256 | 6797b8612873d00de8c6c855d9749b296bac7e6a4b0d216f58b119fed0c03bc5; Download | Favorite | View

Red Hat Security Advisory 2024-0992-03: Posted Feb 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | d6291af2df11e1db19f24e8b3717ba073eecc78193f560216049e340c1f231d4; Download | Favorite | View

Red Hat Security Advisory 2024-0990-03: Posted Feb 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | d7e0c3662d4c5cdf8cbd95caaf0b209a2a72cbef6382b66a3c90aa289c3539ae; Download | Favorite | View

Red Hat Security Advisory 2024-0988-03: Posted Feb 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | cf1570a55af5e2f79fae721d9d6919a1dfcb85452725c14be5f2f5a70571b435; Download | Favorite | View

Red Hat Security Advisory 2024-0975-03: Posted Feb 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0975-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | ddf60dfaa3f3452387d7bfcf21f571ae1d26d1bf7cf7a72a8d71c0a0d3a835c1; Download | Favorite | View

Red Hat Security Advisory 2024-0974-03: Posted Feb 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0974-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 842781035254527f8ff0ecbcc051b98ba3eea1028d55d9afe079785c57cd7499; Download | Favorite | View

Red Hat Security Advisory 2024-0973-03: Posted Feb 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0973-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | a0d2297705d3944795570778d0a22295e7da472a206f0f636066882682876e74; Download | Favorite | View

Red Hat Security Advisory 2024-0956-03: Posted Feb 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0956-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 311233ac529890b8d5ce5648b57f3872bbfec1a10f16420e774f8d60dd399c4a; Download | Favorite | View

Red Hat Security Advisory 2024-0951-03: Posted Feb 24, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-0985; SHA-256 | 214553eadea691b45f4cbb9f31d8593002013312ec8243315ad28d3e92541add; Download | Favorite | View

Page 1 of 2 Back 1 2 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 63 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
kai6u 3 files
gabe_k 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2024-0985

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems