DB: Postgresql COPY FROM PROGRAM Command Execution
This signature detects attempts to exploit a known vulnerability against Postgresql. A successful attack can lead to arbitrary code execution.
Extended Description
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for COPY TO/FROM PROGRAM is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the COPY FROM PROGRAM.
Affected Products
Postgresql postgresql
References
CVE: CVE-2019-9193
Short Name
DB:POSTGRESQL:COPY-FROM-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
COPY CVE-2019-9193 Command Execution FROM PROGRAM Postgresql
Release Date
10/01/2020
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3650
False Positive
Unknown
Vendors
Postgresql
CVSS Score
9.0