Discussion: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546
Building PostgreSQL old version from source to test vulnerability CVE-2017-7546
"User Id={2};Password={3};Database={4};PersistSecurityInfo=true",
//"10.5.0.73", "10005", "postgres", //Docker inside Linux Mint's VM with port mapped like "docker run -p 10005:5432 ..."
//"10.5.0.73", "5432", "postgres", //Linux Mint's VM
"10.5.0.163", "5432", "postgres", //Ubuntu server's VM
"", "postgres");
- Building from the same commit zip file in another VM (Ubuntu server).
- Using DockerHub's versions which are expected to be vulnerable (like 9.2.20, 9.6.3 and 9.6.2).
- With a custom Docker container based on debian:jessie (also tried with ubuntu:latest).
sudo lsof -i -P -n | grep LISTEN
No password has been provided but the backend requires one (in plaintext)
Julián Jiménez González
Investigador - Desarrollador | Área de Servicios y Aplicaciones
Researcher - Developer | Services & Applications Department
Ph. (+34) 986 120 430 Ext. 3021
jjimenez@gradiant.org | www.gradiant.org
Re: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546
Re: Julián Jiménez González 2018-02-21 <CAANxhjKZKWh-Rfdh=OvUPOmobKiSm54j9MdACeKOV=y_iiaHtw@mail.gmail.com>
> I need and would greatly appreciate any help tracking this problem down.
I'd try setting gdb breakpoints on the relevant code lines/functions.
If it helps, old Ubuntu packages are available there:
http://atalia.postgresql.org/morgue/
https://wiki.postgresql.org/wiki/Apt/FAQ#Where_are_older_versions_of_the_packages.3F
Christoph
Re: Building PostgreSQL old version from source to test vulnerability CVE-2017-7546
Julián Jiménez González
Re: Julián Jiménez González 2018-02-21 <CAANxhjKZKWh-Rfdh=OvUPOmobKiSm54j9MdACeKOV=y_iiaHtw@mail.gmail.com>
> I need and would greatly appreciate any help tracking this problem down.
I'd try setting gdb breakpoints on the relevant code lines/functions.
If it helps, old Ubuntu packages are available there:
http://atalia.postgresql.org/morgue/
https://wiki.postgresql.org/wiki/Apt/FAQ#Where_are_older_versions_of_the_packages.3F
Christoph