oss-sec mailing list archives
Re: CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user
From: cve-assign () mitre org
Date: Sat, 5 Sep 2015 12:39:39 -0400 (EDT)
> https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
> https://github.com/pgbouncer/pgbouncer/issues/69
> https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38
> http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251
>
> auth_user is already set (to the config auth_user value). Thus, getting no
> rows back from the auth_query lets one log in as the powerful auth_user user.
>
> The real bug was assigning db->auth_user to client->auth_user in the first place.
Use CVE-2015-6817.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
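A simplified model of the flaw described in the quoted report, added here as an illustration and not taken from PgBouncer's code: a small table stands in for the rows auth_query would return, password handling is reduced to a string compare, and auth_user_lookup(), client_login_buggy() and client_login_fixed() are hypothetical names. It contrasts the pre-assigned auth_user that survives an empty lookup with a flow that only ever takes the user from a returned row.

```c
/* Simplified model of the auth_query flaw behind CVE-2015-6817.  Added as an
 * illustration, not PgBouncer's code: names are hypothetical and the table
 * stands in for the rows auth_query would return. */
#include <string.h>

#define AUTH_USER "pgbouncer"   /* config auth_user: privileged lookup account */

struct cred { const char *user; const char *passwd; };

/* Constructed stand-in for the auth_query result set. */
static const struct cred known_users[] = {
    { "alice", "alice-secret" },
    { "bob",   "bob-secret"   },
};

/* Returns the matching row, or NULL when auth_query returns no rows. */
static const struct cred *auth_user_lookup(const char *user)
{
    for (size_t i = 0; i < sizeof known_users / sizeof known_users[0]; i++)
        if (strcmp(known_users[i].user, user) == 0)
            return &known_users[i];
    return NULL;
}

/* Flawed flow: the client's auth_user is preset from db->auth_user before the
 * lookup, so an empty result leaves the privileged name in place and an
 * unknown user proceeds as AUTH_USER.  Returns the effective user or NULL. */
const char *client_login_buggy(const char *user, const char *passwd)
{
    const char *auth_user = AUTH_USER;              /* db->auth_user copied in */
    const struct cred *row = auth_user_lookup(user);
    if (row && strcmp(row->passwd, passwd) != 0)
        return NULL;
    if (row)
        auth_user = row->user;
    return auth_user;                               /* no row: still AUTH_USER */
}

/* Corrected flow: the effective user comes only from a returned row; an
 * empty result is a failed login, not a fallback to the lookup account. */
const char *client_login_fixed(const char *user, const char *passwd)
{
    const struct cred *row = auth_user_lookup(user);
    if (!row || strcmp(row->passwd, passwd) != 0)
        return NULL;
    return row->user;
}
```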
Current thread:
- CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user Salvatore Bonaccorso (Sep 04)
- Re: CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user cve-assign (Sep 05)