Lucene search

HistoryApr 08, 2013 - 12:00 a.m.

PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Predictable Random Number Generator

2013-04-0800:00:00

www.tenable.com

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

82.1%

JSON

The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior to 9.2.4. As such, it is potentially affected by an issue where random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(65856);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/04");

  script_cve_id("CVE-2013-1900");
  script_bugtraq_id(58879);
  script_xref(name:"VMSA", value:"2013-0005");

  script_name(english:"PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Predictable Random Number Generator");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by an issue in the random number
generator.");
  script_set_attribute(attribute:"description", value:
"The version of PostgreSQL installed on the remote host is 8.4.x prior
to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior
to 9.2.4.  As such, it is potentially affected by an issue where random
numbers generated by contrib/pgcrypto functions may be easy for another
database user to guess.");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1456/");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/8.4/release-8-4-17.html");
  script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.0/release-9-0-13.html");
  script_set_attribute(attribute:"see_also", value:"http://www.postgresql.org/docs/9.1/static/release-9-1-9.html");
  script_set_attribute(attribute:"see_also", value:"http://www.postgresql.org/docs/9.2/static/release-9-2-4.html");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0005.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PostgreSQL 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("postgresql_version.nbin");
  script_require_ports("Services/postgresql", 5432);

  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");

port = get_service(svc:"postgresql", default:5432, exit_on_fail:TRUE);

version = get_kb_item_or_exit('database/'+port+'/postgresql/version');
source = get_kb_item_or_exit('database/'+port+'/postgresql/source');
database = get_kb_item('database/'+port+'/postgresql/database_name');

get_backport_banner(banner:source);
if (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');

ver = split(version, sep:'.');
for (i=0; i < max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  (ver[0] == 8 && ver[1] == 4 && ver[2] < 17) ||
  (ver[0] == 9 && ver[1] == 0 && ver[2] < 13) ||
  (ver[0] == 9 && ver[1] == 1 && ver[2] < 9) ||
  (ver[0] == 9 && ver[1] == 2 && ver[2] < 4)
)
{
  if (report_verbosity > 0)
  {
    report = '';
    if(database)
      report += '\n  Database name     : ' + database;
    report +=
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);

VendorProductVersionCPE
postgresqlpostgresqlcpe:/a:postgresql:postgresql

Vendor	Product	Version	CPE
postgresql	postgresql		cpe:/a:postgresql:postgresql

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

www.postgresql.org/docs/9.1/static/release-9-1-9.html

www.postgresql.org/docs/9.2/static/release-9-2-4.html

www.postgresql.org/about/news/1456/

www.postgresql.org/docs/8.4/release-8-4-17.html

www.postgresql.org/docs/9.0/release-9-0-13.html

www.vmware.com/security/advisories/VMSA-2013-0005.html

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

82.1%

JSON

PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Predictable Random Number Generator

References

Related