CVSS2: 7.5 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
- Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.085 Low
- Percentile: 94.5%

The version of PostgreSQL installed on the remote host is 9.0.x prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, or 9.4.x prior to 9.4.2. It is, therefore, affected by multiple vulnerabilities:

- A double free memory error exists after authentication timeout, which a remote attacker can utilize to cause the program to crash. (CVE-2015-3165)
- A flaw exists in the printf() functions due to a failure to check for errors. A remote attacker can use this to gain access to sensitive information. (CVE-2015-3166)
- pgcrypto has multiple error messages for decryption with an incorrect key. A remote attacker can use this to recover keys from other systems. (CVE-2015-3167)

```
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin metadata: registered with the scanner, then the script exits.
if (description)
{
  script_id(83818);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/04");

  script_cve_id("CVE-2015-3165", "CVE-2015-3166", "CVE-2015-3167");
  script_bugtraq_id(74787, 74789, 74790);

  script_name(english:"PostgreSQL 9.0 < 9.0.20 / 9.1 < 9.1.16 / 9.2 < 9.2.11 / 9.3 < 9.3.7 / 9.4 < 9.4.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of PostgreSQL installed on the remote host is 9.0.x prior
to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior
to 9.3.7, or 9.4.x prior to 9.4.2. It is, therefore, affected by
multiple vulnerabilities :
- A double free memory error exists after authentication
timeout, which a remote attacker can utilize to cause
the program to crash. (CVE-2015-3165)
- A flaw exists in the printf() functions due to a failure
to check for errors. A remote attacker can use this to
gain access to sensitive information. (CVE-2015-3166)
- pgcrypto has multiple error messages for decryption
with an incorrect key. A remote attacker can use this
to recover keys from other systems. (CVE-2015-3167)");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1587/");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.0/release-9-0-20.html");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.1/release-9-1-16.html");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.2/release-9-2-11.html");
  script_set_attribute(attribute:"see_also", value:"http://www.postgresql.org/docs/9.3/static/release-9-3-7.html");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-2.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PostgreSQL 9.0.20 / 9.1.16 / 9.2.11 / 9.3.7 / 9.4.2 or
later.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3166");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("postgresql_version.nbin");
  script_require_ports("Services/postgresql", 5432);

  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");

# Read the detected version and its source from the KB entries for this port
# (the plugin depends on postgresql_version.nbin).
port = get_service(svc:"postgresql", default:5432, exit_on_fail:TRUE);

version = get_kb_item_or_exit('database/'+port+'/postgresql/version');
source = get_kb_item_or_exit('database/'+port+'/postgresql/source');
database = get_kb_item('database/'+port+'/postgresql/database_name');

# A backported banner makes the version unreliable: audit out unless
# paranoid reporting (report_paranoia >= 2) is enabled.
get_backport_banner(banner:source);
if (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');

# Split the version on '.' and convert each component to an integer.
ver = split(version, sep:'.');
for (i=0; i < max_index(ver); i++)
  ver[i] = int(ver[i]);

# Vulnerable when the third component is below the fixed release of its 9.x branch.
if (
  (ver[0] == 9 && ver[1] == 0 && ver[2] < 20) ||
  (ver[0] == 9 && ver[1] == 1 && ver[2] < 16) ||
  (ver[0] == 9 && ver[1] == 2 && ver[2] < 11) ||
  (ver[0] == 9 && ver[1] == 3 && ver[2] < 7) ||
  (ver[0] == 9 && ver[1] == 4 && ver[2] < 2)
)
{
  if (report_verbosity > 0)
  {
    report = '';
    if(database)
      report += '\n Database name : ' + database ;
    report +=
      '\n Version source : ' + source +
      '\n Installed version : ' + version +
      '\n Fixed version : 9.0.20 / 9.1.16 / 9.2.11 / 9.3.7 / 9.4.2\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);
```

Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | | cpe:/a:postgresql:postgresql |

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3167
www.postgresql.org/docs/9.3/static/release-9-3-7.html
www.postgresql.org/about/news/1587/
www.postgresql.org/docs/9.0/release-9-0-20.html
www.postgresql.org/docs/9.1/release-9-1-16.html
www.postgresql.org/docs/9.2/release-9-2-11.html
www.postgresql.org/docs/9.4/release-9-4-2.html