Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2009-333.NASL
HistoryDec 16, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : postgresql (MDVSA-2009:333)

2009-12-1600:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
20

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON

Multiple vulnerabilities was discovered and corrected in postgresql :

NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue (CVE-2009-4034).

Privilege escalation via changing session state in an index function.
This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations (CVE-2010-0733).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides a solution to these vulnerabilities.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:333. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(43167);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-4034", "CVE-2009-4136", "CVE-2010-0733");
  script_bugtraq_id(37333, 37334);
  script_xref(name:"MDVSA", value:"2009:333");

  script_name(english:"Mandriva Linux Security Advisory : postgresql (MDVSA-2009:333)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities was discovered and corrected in postgresql :

NULL Bytes in SSL Certificates can be used to falsify client or server
authentication. This only affects users who have SSL enabled, perform
certificate name validation or client certificate authentication, and
where the Certificate Authority (CA) has been tricked into issuing
invalid certificates. The use of a CA that can be trusted to always
issue valid certificates is recommended to ensure you are not
vulnerable to this issue (CVE-2009-4034).

Privilege escalation via changing session state in an index function.
This closes a corner case related to vulnerabilities CVE-2009-3230 and
CVE-2007-6600 (CVE-2009-4136).

Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL
8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote
authenticated users to cause a denial of service (daemon crash) via a
SELECT statement with many LEFT JOIN clauses, related to certain
hashtable size calculations (CVE-2010-0733).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers

This update provides a solution to these vulnerabilities."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/support/security/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg8.3_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg8.4_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq8.3_5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq8.4_5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg8.3_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg8.4_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq8.3_5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq8.4_5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-plpgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.2-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-plpgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.3-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql8.4-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ecpg-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64ecpg5-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64pq-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64pq5-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libecpg-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libecpg5-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpq-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libpq5-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-contrib-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-devel-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-docs-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-pl-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-plperl-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-plpython-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-pltcl-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-server-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"postgresql8.2-test-8.2.15-0.1mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64ecpg8.3_6-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64pq8.3_5-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libecpg8.3_6-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libpq8.3_5-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-contrib-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-devel-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-docs-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-pl-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-plperl-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-plpython-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-pltcl-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"postgresql8.3-server-8.3.9-0.1mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64ecpg8.3_6-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"x86_64", reference:"lib64pq8.3_5-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libecpg8.3_6-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", cpu:"i386", reference:"libpq8.3_5-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-contrib-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-devel-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-docs-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-pl-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-plperl-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-plpython-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-pltcl-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"postgresql8.3-server-8.3.9-0.1mdv2009.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64ecpg8.4_6-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"x86_64", reference:"lib64pq8.4_5-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libecpg8.4_6-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", cpu:"i386", reference:"libpq8.4_5-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-contrib-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-devel-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-docs-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-pl-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-plperl-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-plpython-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-pltcl-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"postgresql8.4-server-8.4.2-0.1mdv2010.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxpostgresql8.4-develp-cpe:/a:mandriva:linux:postgresql8.4-devel
mandrivalinuxpostgresql8.4-docsp-cpe:/a:mandriva:linux:postgresql8.4-docs
mandrivalinuxpostgresql8.4-plp-cpe:/a:mandriva:linux:postgresql8.4-pl
mandrivalinuxpostgresql8.4-plperlp-cpe:/a:mandriva:linux:postgresql8.4-plperl
mandrivalinuxpostgresql8.4-plpgsqlp-cpe:/a:mandriva:linux:postgresql8.4-plpgsql
mandrivalinuxpostgresql8.4-plpythonp-cpe:/a:mandriva:linux:postgresql8.4-plpython
mandrivalinuxpostgresql8.4-pltclp-cpe:/a:mandriva:linux:postgresql8.4-pltcl
mandrivalinuxpostgresql8.4-serverp-cpe:/a:mandriva:linux:postgresql8.4-server
mandrivalinux2008.0cpe:/o:mandriva:linux:2008.0
mandrivalinux2009.0cpe:/o:mandriva:linux:2009.0
Rows per page:
1-10 of 531

Related

securityvulns 4
ubuntucve 5
freebsd 1
openvas 66
prion 5
cvelist 5
nvd 5
nessus 58
cve 5
centos 6
fedora 4
osv 2
redhat 7
veracode 4
ubuntu 2
debian 2
oraclelinux 6
postgresql 4
seebug 6
packetstorm 1
gentoo 1
securityvulns
securityvulns
[ MDVSA-2009:333 ] postgresql
2009-12-15 00:00:00
PostgreSQL multiple security vulnerabilities
2009-12-15 00:00:00
[USN-834-1] PostgreSQL vulnerabilities
2009-09-22 00:00:00
ubuntucve
ubuntucve
CVE-2009-4136
2009-12-15 00:00:00
CVE-2009-3230
2009-09-17 00:00:00
CVE-2007-6600
2008-01-09 00:00:00
freebsd
freebsd
postgresql -- multiple vulnerabilities
2009-11-20 00:00:00
openvas
openvas
FreeBSD Ports: postgresql-client, postgresql-server
2009-12-30 00:00:00
FreeBSD Ports: postgresql-client, postgresql-server
2009-12-30 00:00:00
CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386
2011-08-09 00:00:00
prion
prion
Sql injection
2009-12-15 18:30:00
Authorization
2009-09-17 10:30:00
Authorization
2008-01-09 21:46:00
cvelist
cvelist
CVE-2009-4136
2009-12-15 18:00:00
CVE-2009-3230
2009-09-17 10:00:00
CVE-2007-6600
2008-01-09 21:00:00
nvd
nvd
CVE-2009-4136
2009-12-15 18:30:01
CVE-2009-3230
2009-09-17 10:30:00
CVE-2007-6600
2008-01-09 21:46:00
nessus
nessus
FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)
2009-12-17 00:00:00
PostgreSQL < 8.4.2 / 8.3.9 / 8.2.15 / 8.1.19 / 8.0.23 / 7.4.27 Multiple Vulnerabilities
2009-12-15 00:00:00
Oracle Linux 3 : postgresql (ELSA-2009-1485)
2013-07-12 00:00:00
cve
cve
CVE-2009-4136
2009-12-15 18:30:01
CVE-2009-3230
2009-09-17 10:30:00
CVE-2010-0733
2010-03-19 19:30:00
centos
centos
rh security update
2009-10-07 21:13:30
postgresql security update
2009-10-09 15:00:55
rh security update
2010-05-21 22:01:26
fedora
fedora
[SECURITY] Fedora 12 Update: postgresql-8.4.2-1.fc12
2009-12-18 04:39:48
[SECURITY] Fedora 11 Update: postgresql-8.3.9-1.fc11
2009-12-18 04:36:29
[SECURITY] Fedora 11 Update: postgresql-8.3.8-1.fc11
2009-09-11 23:21:13
osv
osv
postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities
2009-12-31 00:00:00
postgresql-7.4 postgresql-8.1 postgresql-8.3 - various problems
2009-10-02 00:00:00
redhat
redhat
(RHSA-2009:1485) Moderate: postgresql security update
2009-10-07 00:00:00
(RHSA-2009:1484) Moderate: postgresql security update
2009-10-07 00:00:00
(RHSA-2010:0427) Moderate: postgresql security update
2010-05-19 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:37:07
Privilege Escalation
2020-04-10 00:19:40
Privilege Escalation
2020-04-10 00:48:51
ubuntu
ubuntu
PostgreSQL vulnerabilities
2010-01-03 00:00:00
PostgreSQL vulnerabilities
2009-09-21 00:00:00
debian
debian
[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities
2009-12-31 16:38:37
[SECURITY] [DSA 1900-1] New PostgreSQL packages fix various problems
2009-10-02 19:09:39
oraclelinux
oraclelinux
postgresql security update
2010-05-19 00:00:00
postgresql security update
2009-10-07 00:00:00
postgresql security update
2010-05-19 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2007-6600)
2008-01-09 21:46:00
Vulnerability in core server (CVE-2009-4136)
2009-12-15 18:30:00
Vulnerability in core server (CVE-2009-3230)
2009-09-17 10:30:00
seebug
seebug
PostgreSQL哈希表大小计算整数溢出漏洞
2010-03-23 00:00:00
PostgreSQL索引功能权限提升漏洞
2009-12-29 00:00:00
Ruby on Rails 'protect_from_forgery'跨站脚本请求伪造漏洞
2009-12-17 00:00:00
packetstorm
packetstorm
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
2014-06-13 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for MANDRIVA_MDVSA-2009-333.NASL
securityvulns4ubuntucve5freebsd1openvas66prion5cvelist5nvd5nessus58cve5centos6fedora4osv2redhat7veracode4ubuntu2debian2oraclelinux6postgresql4seebug6packetstorm1gentoo1