FreeBSD: VID-7A8B6170-A889-11ED-BBAE-6CC21735F730 (CVE-2022-41862): PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-7A8B6170-A889-11ED-BBAE-6CC21735F730:
PostgreSQL Project reports:
A modified, unauthenticated server can send an
unterminated string during the establishment of Kerberos
transport encryption. When a libpq client application
has a Kerberos credential cache and doesn't explicitly
disable option gssencmode, a server can cause libpq to
over-read and report an error message containing
uninitialized bytes from and following its receive
buffer. If libpq's caller somehow makes that message
accessible to the attacker, this achieves a disclosure
of the over-read bytes. We have not confirmed or ruled
out viability of attacks that arrange for a crash or for
presence of notable, confidential information in
disclosed bytes.
Solution(s)
- freebsd-upgrade-package-postgresql12-client
- freebsd-upgrade-package-postgresql13-client
- freebsd-upgrade-package-postgresql14-client
- freebsd-upgrade-package-postgresql15-client
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center