Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2012-603.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

83.2%

JSON

Postgresql was updated to the security and bugfix release 9.1.3 :

  • Require execute permission on the trigger function for ‘CREATE TRIGGER’ (CVE-2012-0866, bnc#749299).

  • Remove arbitrary limitation on length of common name in SSL certificates (CVE-2012-0867, bnc#749301).

  • Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303).

  • See the release notes for the rest of the changes:
    http://www.postgresql.org/docs/9.1/static/release.html /usr/share/doc/packages/postgresql/HISTORY

  • This also fixes bnc#701489.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-603.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74756);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-0866", "CVE-2012-0867", "CVE-2012-0868");

  script_name(english:"openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1)");
  script_summary(english:"Check for the openSUSE-2012-603 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Postgresql was updated to the security and bugfix release 9.1.3 :

  - Require execute permission on the trigger function for
    'CREATE TRIGGER' (CVE-2012-0866, bnc#749299).

  - Remove arbitrary limitation on length of common name in
    SSL certificates (CVE-2012-0867, bnc#749301).

  - Convert newlines to spaces in names written in pg_dump
    comments (CVE-2012-0868, bnc#749303).

  - See the release notes for the rest of the changes:
    http://www.postgresql.org/docs/9.1/static/release.html
    /usr/share/doc/packages/postgresql/HISTORY

  - This also fixes bnc#701489."
  );
  # http://www.postgresql.org/docs/9.1/static/release.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/docs/9.1/release.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=701489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749299"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749301"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=749303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected postgresql packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-contrib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-devel-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-libs-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-plperl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-plpython-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-pltcl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"libecpg6-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libecpg6-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libpq5-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libpq5-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-contrib-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-contrib-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-debugsource-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-devel-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-devel-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-libs-debugsource-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-plperl-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-plperl-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-plpython-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-plpython-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-pltcl-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-pltcl-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-server-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"postgresql-server-debuginfo-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libpq5-32bit-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"postgresql-devel-32bit-9.1.3-7.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"postgresql-devel-debuginfo-32bit-9.1.3-7.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
}
VendorProductVersionCPE
novellopensuselibecpg6p-cpe:/a:novell:opensuse:libecpg6
novellopensuselibecpg6-debuginfop-cpe:/a:novell:opensuse:libecpg6-debuginfo
novellopensuselibpq5p-cpe:/a:novell:opensuse:libpq5
novellopensuselibpq5-32bitp-cpe:/a:novell:opensuse:libpq5-32bit
novellopensuselibpq5-debuginfop-cpe:/a:novell:opensuse:libpq5-debuginfo
novellopensuselibpq5-debuginfo-32bitp-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit
novellopensusepostgresqlp-cpe:/a:novell:opensuse:postgresql
novellopensusepostgresql-contribp-cpe:/a:novell:opensuse:postgresql-contrib
novellopensusepostgresql-contrib-debuginfop-cpe:/a:novell:opensuse:postgresql-contrib-debuginfo
novellopensusepostgresql-debuginfop-cpe:/a:novell:opensuse:postgresql-debuginfo
Rows per page:
1-10 of 251

Related

openvas 40
nessus 27
redhat 2
centos 2
veracode 3
debian 1
oraclelinux 3
fedora 7
seebug 1
securityvulns 2
amazon 1
ubuntu 1
freebsd 1
osv 1
gentoo 1
cve 3
prion 3
cvelist 3
nvd 3
postgresql 3
ubuntucve 3
openvas
openvas
Fedora Update for postgresql FEDORA-2012-2591
2012-04-02 00:00:00
Fedora Update for postgresql FEDORA-2012-2589
2012-03-09 00:00:00
Oracle: Security Advisory (ELSA-2012-0678)
2015-10-06 00:00:00
nessus
nessus
RHEL 4 : postgresql (Unpatched Vulnerability)
2024-06-03 00:00:00
Fedora 17 : postgresql-9.1.3-1.fc17 (2012-2508)
2012-03-07 00:00:00
PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities
2012-02-28 00:00:00
redhat
redhat
(RHSA-2012:0678) Moderate: postgresql and postgresql84 security update
2012-05-21 00:00:00
(RHSA-2012:0677) Moderate: postgresql security update
2012-05-21 00:00:00
centos
centos
postgresql, postgresql84 security update
2012-05-21 16:41:51
postgresql security update
2012-05-21 16:39:19
veracode
veracode
Spoofing Vulnerability
2019-05-02 04:41:15
Arbitrary Code Execution
2019-05-02 04:41:14
Privilege Escalation
2019-01-15 08:51:21
debian
debian
[SECURITY] [DSA 2418-1] postgresql-8.4 security update
2012-02-27 17:43:53
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2012-05-21 00:00:00
postgresql and postgresql84 security update
2012-06-25 00:00:00
postgresql security update
2012-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: postgresql-9.1.3-1.fc17
2012-03-06 20:40:53
[SECURITY] Fedora 16 Update: postgresql-9.1.3-1.fc16
2012-03-08 04:01:20
[SECURITY] Fedora 16 Update: postgresql-9.1.3-1.fc16
2012-03-08 04:54:15
seebug
seebug
PostgreSQL 8.x/9.x ć­˜ćœšć€šäžȘćź‰ć…šæŒæŽž
2012-02-29 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:026 ] postgresql
2012-03-09 00:00:00
PostgreSQL vulnerabilities
2012-03-09 00:00:00
amazon
amazon
Medium: postgresql8
2012-05-23 10:08:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2012-02-28 00:00:00
freebsd
freebsd
databases/postgresql*-client -- multiple vulnerabilities
2012-02-27 00:00:00
osv
osv
postgresql-8.4 - several
2012-02-27 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2012-09-28 00:00:00
cve
cve
CVE-2012-0868
2012-07-18 23:55:01
CVE-2012-0867
2012-07-18 23:55:01
CVE-2012-0866
2012-07-18 23:55:01
prion
prion
Code injection
2012-07-18 23:55:00
Crlf injection
2012-07-18 23:55:00
Design/Logic Flaw
2012-07-18 23:55:00
cvelist
cvelist
CVE-2012-0867
2012-07-18 23:00:00
CVE-2012-0868
2012-07-18 23:00:00
CVE-2012-0866
2012-07-18 23:00:00
nvd
nvd
CVE-2012-0867
2012-07-18 23:55:01
CVE-2012-0868
2012-07-18 23:55:01
CVE-2012-0866
2012-07-18 23:55:01
postgresql
postgresql
Vulnerability in core server (CVE-2012-0867)
2012-07-18 23:55:00
Vulnerability in core server (CVE-2012-0868)
2012-07-18 23:55:00
Vulnerability in core server (CVE-2012-0866)
2012-07-18 23:55:00
ubuntucve
ubuntucve
CVE-2012-0867
2012-02-28 00:00:00
CVE-2012-0868
2012-02-28 00:00:00
CVE-2012-0866
2012-02-28 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

83.2%

JSON
Related for OPENSUSE-2012-603.NASL
openvas40nessus27redhat2centos2veracode3debian1oraclelinux3fedora7seebug1securityvulns2amazon1ubuntu1freebsd1osv1gentoo1cve3prion3cvelist3nvd3postgresql3ubuntucve3