# N/A
## 漏洞概述
PostgreSQL 9.3 至 11.2 版本中的 "COPY TO/FROM PROGRAM" 功能允许超级用户及 'pg_execute_server_program' 组的用户以数据库操作系统用户身份执行任意代码。这一功能默认启用,并可被滥用以在 Windows、Linux 和 macOS 上执行任意操作系统命令。
## 影响版本
- PostgreSQL 9.3 至 11.2
## 细节
此漏洞通过 "COPY TO/FROM PROGRAM" 功能实现。允许具备权限的用户(超级用户或 'pg_execute_server_program' 组成员)以数据库操作系统用户身份执行任意代码。此功能默认启用,并能够在多种操作系统上执行任意系统命令。不过,第三方声称 PostgreSQL 的 'COPY TO/FROM PROGRAM' 功能如预期工作,并非漏洞。
## 影响
- 超级用户可以执行任意操作系统命令,执行权限为数据库的运行用户。
- 这可能导致攻击者在数据库服务器上执行任意代码,从而获取主机系统的控制权,带来潜在的安全风险。
- 第三方认为这不应被视为漏洞,因为功能设计初衷即允许此类操作。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | PostgreSQL Remote Code Executuon | https://github.com/wkjung0624/cve-2019-9193 | POC详情 |
| 2 | CVE-2019–9193 - PostgreSQL 9.3-12.3 Authenticated Remote Code Execution | https://github.com/b4keSn4ke/CVE-2019-9193 | POC详情 |
| 3 | PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) | https://github.com/chromanite/CVE-2019-9193-PostgreSQL-9.3-11.7 | POC详情 |
| 4 | None | https://github.com/paulotrindadec/CVE-2019-9193 | POC详情 |
| 5 | is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in specific versions of PostgreSQL (9.3 - 11.7) | https://github.com/geniuszlyy/CVE-2019-9193 | POC详情 |
| 6 | PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7) | https://github.com/AxthonyV/CVE-2019-9193 | POC详情 |
| 7 | None | https://github.com/A0be/CVE-2019-9193 | POC详情 |
| 8 | is a PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in specific versions of PostgreSQL (9.3 - 11.7) | https://github.com/geniuszly/CVE-2019-9193 | POC详情 |
| 9 | None | https://github.com/corsisechero/CVE-2019-9193byVulHub | POC详情 |
| 10 | In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’. | https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2019/CVE-2019-9193.yaml | POC详情 |
| 11 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/PostgreSQL%20%E9%AB%98%E6%9D%83%E9%99%90%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2019-9193.md | POC详情 |
| 12 | https://github.com/vulhub/vulhub/blob/master/postgres/CVE-2019-9193/README.md | POC详情 | |
| 13 | PoC tool designed to exploit an authenticated Remote Code Execution (RCE) vulnerability in certain versions of PostgreSQL (9.3 - 11.7) | https://github.com/jhnhnck/CVE-2019-9193 | POC详情 |
暂无评论