Varonis Warns of Bug Discovered in PostgreSQL PL/Perl

Published: 23/11/2024   Category: security




Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.



Researchers at Varonis discovered a vulnerability within the Postgres language extension PL/Perl, allowing a user to set arbitrary environment variables in PostgreSQL session processes.
The vulnerability was given a CVSS score of 8.8 for severity and could lead to severe security issues, depending on the scenario in which it is exploited.
Tracked as CVE-2024-10979, the flaw allows a threat actor to modify sensitive environment variables, ultimately allowing them to execute arbitrary code without having access to an operating system user.
The vulnerability also allows a threat actor to run additional queries to gather information on the machine and its contents.
Versions preceding PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected by this vulnerability. According to the researchers, it can be mitigated by upgrading PostgreSQL to the latest minor version at a minimum, as well as by restricting allowed extensions.
Postgres customers should also examine DDL logs for the creation of functions they do not recognize or did not create themselves to assess whether they have been impacted.
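One way to automate both checks, as an added example that is not from the article or from Varonis: it compares a server version against the fixed releases listed above and flags logged PL/Perl routine creations for review. It assumes the server logs DDL with `log_statement = 'ddl'` to the plain-text stderr log, where continuation lines of a statement start with a tab; the function names, the log prefix and the sample log lines are constructed for illustration.

```python
import re

# Fixed minor releases named in the article, keyed by major version.
FIXED_MINOR = {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21}

def is_affected(version):
    """True if a 'major.minor' string precedes the fixed release for its major."""
    major, minor = (int(part) for part in version.split(".")[:2])
    if major not in FIXED_MINOR:
        raise ValueError(f"major version {major} is not in the article's list")
    return minor < FIXED_MINOR[major]

STATEMENT = re.compile(r"^(?P<prefix>.*?)LOG:\s+statement:\s+(?P<sql>.*)$")
CREATE_FN = re.compile(
    r'\bCREATE\s+(?:OR\s+REPLACE\s+)?(?:FUNCTION|PROCEDURE)\s+(?P<name>[\w."]+)', re.I)
PLPERL = re.compile(r"\bLANGUAGE\s+'?(?P<lang>plperlu?)\b", re.I)

def plperl_function_creations(lines):
    """Return (log prefix, routine name, language) per logged PL/Perl creation."""
    statements, current = [], None
    for line in lines:
        m = STATEMENT.match(line)
        if m:
            current = [m.group("prefix").strip(), m.group("sql")]
            statements.append(current)
        elif line.startswith("\t") and current is not None:
            current[1] += " " + line.strip()  # continuation of a multi-line statement
        else:
            current = None
    hits = []
    for prefix, sql in statements:
        fn, lang = CREATE_FN.search(sql), PLPERL.search(sql)
        if fn and lang:
            hits.append((prefix, fn.group("name"), lang.group("lang").lower()))
    return hits

# Constructed sample log lines (log_line_prefix = '%m [%p] %u@%d ' is an assumption).
SAMPLE_LOG = [
    "2024-11-20 10:01:02.123 UTC [4121] app@shop LOG:  statement: CREATE TABLE orders (id int)",
    "2024-11-20 10:05:44.870 UTC [4188] report@shop LOG:  statement: CREATE OR REPLACE FUNCTION public.fmt_env() RETURNS text",
    "\tAS $$ return 'x'; $$ LANGUAGE plperl",
    "2024-11-20 10:06:10.002 UTC [4188] report@shop LOG:  statement: CREATE FUNCTION add1(int) RETURNS int",
    "\tLANGUAGE sql AS 'SELECT $1 + 1'",
]

if __name__ == "__main__":
    print("16.4 affected:", is_affected("16.4"))
    for hit in plperl_function_creations(SAMPLE_LOG):
        print("review:", hit)
```

Each hit carries the log prefix, so the creating role and timestamp can be matched against known deployments before deciding whether a function is unrecognized.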
