The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PostgreSQL: code execution via COPY TO/FROM PROGRAM

Synthesis of the vulnerability 

An attacker can use a vulnerability via COPY TO/FROM PROGRAM of PostgreSQL, in order to run code.
Impacted software: FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, PostgreSQL.
Severity of this computer vulnerability: 1/4.
Creation date: 02/04/2019.
References of this announcement: CERTFR-2020-AVI-395, CVE-2019-9193, FG-IR-19-294, VIGILANCE-VUL-28918.

Description of the vulnerability 

An attacker can use a vulnerability via COPY TO/FROM PROGRAM of PostgreSQL, in order to run code.

This threat announcement impacts software or systems such as FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, PostgreSQL.

Our Vigil@nce team determined that the severity of this cybersecurity alert is low.

The trust level is "confirmed by the editor", and the origin of the attack is a privileged account.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level ability can exploit this security alert.

Solutions for this threat 

PostgreSQL: workaround for COPY TO/FROM PROGRAM.
A workaround is to restrict access to Database Superuser.
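
One way to check the workaround above, as an added example that is not part of the Vigil@nce bulletin: an audit query listing the roles that are able to run COPY ... TO/FROM PROGRAM. It assumes PostgreSQL 11 or later, where the predefined role pg_execute_server_program exists (on older versions only superusers are returned); app_user and reporting_user are constructed placeholder names.

```sql
-- Roles able to run COPY ... TO/FROM PROGRAM:
--   * superusers (rolsuper), and
--   * direct or nested members of the predefined role
--     pg_execute_server_program (PostgreSQL 11+).
-- Nested membership is followed conservatively: a role is listed even if it
-- would need SET ROLE to use the privilege.
WITH RECURSIVE program_roles AS (
    -- Start from the predefined role itself.
    SELECT oid AS member_oid
    FROM pg_roles
    WHERE rolname = 'pg_execute_server_program'
  UNION
    -- Add every role that is a member of a role already in the set.
    SELECT m.member
    FROM pg_auth_members m
    JOIN program_roles p ON m.roleid = p.member_oid
)
SELECT r.rolname,
       r.rolsuper,
       r.rolcanlogin,
       (pr.member_oid IS NOT NULL) AS member_of_execute_server_program
FROM pg_roles r
LEFT JOIN program_roles pr
       ON pr.member_oid = r.oid
      AND r.rolname <> 'pg_execute_server_program'  -- hide the predefined role itself
WHERE r.rolsuper
   OR pr.member_oid IS NOT NULL
ORDER BY r.rolsuper DESC, r.rolcanlogin DESC, r.rolname;

-- Restricting access for roles that do not need it.
-- The role names are constructed placeholders; substitute names returned by
-- the query above, then uncomment.
-- ALTER ROLE app_user NOSUPERUSER;
-- REVOKE pg_execute_server_program FROM reporting_user;
```

Rows with rolcanlogin = true are the accounts to review first, since those can be reached with database credentials.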

FortiAnalyzer, FortiManager: solution for PostgreSQL.
The solution is indicated in information sources.

Computer vulnerabilities tracking service 

Vigil@nce provides computer security announcements. The technology watch team tracks security threats targeting the computer system.