Vulnerability Details : CVE-2019-9193
Public exploit exists!
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for 'COPY TO/FROM PROGRAM' is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the 'COPY FROM PROGRAM'.
Vulnerability category: Execute code
Products affected by CVE-2019-9193
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Threat overview for CVE-2019-9193
Top open port discovered on systems with this issue: 5432
IPs affected by CVE-2019-9193: 240,347
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-9193
EPSS score: 97.38% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2019-9193
- PostgreSQL COPY FROM PROGRAM Command Execution
  Disclosure Date: 2019-03-20
  First seen: 2020-04-26
  Module: exploit/multi/postgres/postgres_copy_from_program_cmd_exec
  Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. T
CVSS scores for CVE-2019-9193
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2019-9193
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9193
- https://blog.hagander.net/when-a-vulnerability-is-not-a-vulnerability-244/
  When a vulnerability is not a vulnerability - Magnus Hagander's blog (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20190502-0003/
  CVE-2019-9193 PostgreSQL in NetApp Products | NetApp Product Security (Third Party Advisory)
- http://packetstormsecurity.com/files/166540/PostgreSQL-11.7-Remote-Code-Execution.html
  PostgreSQL 11.7 Remote Code Execution - Packet Storm
- https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
  Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest (Exploit; Third Party Advisory)
- https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
  Postgres 9.3 feature highlight - COPY TO/FROM PROGRAM (Third Party Advisory)
- http://packetstormsecurity.com/files/171722/PostgreSQL-9.6.1-Remote-Code-Execution.html
  PostgreSQL 9.6.1 Remote Code Execution - Packet Storm
- http://packetstormsecurity.com/files/152757/PostgreSQL-COPY-FROM-PROGRAM-Command-Execution.html
  PostgreSQL COPY FROM PROGRAM Command Execution - Packet Storm (Third Party Advisory)
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/authenticated-arbitrary-command-execution-on-postgresql-9-3/
  Authenticated Arbitrary Command Execution on PostgreSQL 9.3 > Latest | Trustwave (Third Party Advisory)