Hacker News new | past | comments | ask | show | jobs | submit login
Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)
86 points by craigkerstiens on April 10, 2013 | hide | past | favorite | 7 comments



Nice article.

> Now we have to wait for an administrator to “su – postgres”. Likely? Eh.

This isn't that unlikely. On Debian/Ubuntu, postgres is the database super user and doesn't have a password set by default so the way to administer PostgreSQL is to su to postgres and then run psql/createdb/etc (it relies on local ident authentication).


Exactly, I have done this today!


Yes, it's not unlikely at all. It's a timebomb just waiting to explode.


Very creative. And scary! The shell script could download and run any binary.

Would be neat if there were an exploit which injected something to make further injection impossible.


ehm. anti-virus? there's a whole discussion about it, i won't go into here.

but what can an anti-virus do? best would be to patch the database (might be pretty hard). then it could write something like: echo "you have been hacked!"; exit 0 into the .profile. that will let the user spot the cracking attempt.


What....are you talking about


The latest data from Shodan shows that there are at least 10,610 vulnerable systems (189,680 public PostgreSQL database instances were tested).




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: