Lucene search
This script is Copyright (C) 2010-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0428.NASLHistoryMay 20, 2010 - 12:00 a.m.
RHEL 4 : postgresql (RHSA-2010:0428)
2010-05-2000:00:00
This script is Copyright (C) 2010-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
122
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
7.1
Confidence
High
EPSS
0.956
Percentile
99.4%
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0428 advisory.
-
postgresql: SQL privilege escalation via modifications to session-local state (CVE-2009-4136)
-
postgresql: substring() negative length argument buffer overflow (CVE-2010-0442)
-
postgresql: Integer overflow in hash table size calculation (CVE-2010-0733)
-
PostgreSQL: PL/Perl Intended restriction bypass (CVE-2010-1169)
-
PostgreSQL: PL/Tcl Intended restriction bypass (CVE-2010-1170)
-
postgresql: improper privilege check during certain RESET ALL operations (CVE-2010-1975)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0428. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(46682);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/24");
script_cve_id(
"CVE-2009-4136",
"CVE-2010-0442",
"CVE-2010-0733",
"CVE-2010-1169",
"CVE-2010-1170",
"CVE-2010-1975"
);
script_xref(name:"RHSA", value:"2010:0428");
script_name(english:"RHEL 4 : postgresql (RHSA-2010:0428)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for postgresql.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2010:0428 advisory.
- postgresql: SQL privilege escalation via modifications to session-local state (CVE-2009-4136)
- postgresql: substring() negative length argument buffer overflow (CVE-2010-0442)
- postgresql: Integer overflow in hash table size calculation (CVE-2010-0733)
- PostgreSQL: PL/Perl Intended restriction bypass (CVE-2010-1169)
- PostgreSQL: PL/Tcl Intended restriction bypass (CVE-2010-1170)
- postgresql: improper privilege check during certain RESET ALL operations (CVE-2010-1975)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2010/rhsa-2010_0428.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d16a0911");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2010:0428");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=546321");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=546621");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=559259");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=582615");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=583072");
script_set_attribute(attribute:"solution", value:
"Update the RHEL postgresql package based on the guidance in RHSA-2010:0428.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-1169");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2010-0733");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(190);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/15");
script_set_attribute(attribute:"patch_publication_date", value:"2010/05/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2010-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '4')) audit(AUDIT_OS_NOT, 'Red Hat 4.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/as/4/4AS/i386/os',
'content/dist/rhel/as/4/4AS/i386/source/SRPMS',
'content/dist/rhel/as/4/4AS/x86_64/os',
'content/dist/rhel/as/4/4AS/x86_64/source/SRPMS',
'content/dist/rhel/desktop/4/4Desktop/i386/os',
'content/dist/rhel/desktop/4/4Desktop/i386/source/SRPMS',
'content/dist/rhel/desktop/4/4Desktop/x86_64/os',
'content/dist/rhel/desktop/4/4Desktop/x86_64/source/SRPMS',
'content/dist/rhel/es/4/4ES/i386/os',
'content/dist/rhel/es/4/4ES/i386/source/SRPMS',
'content/dist/rhel/es/4/4ES/x86_64/os',
'content/dist/rhel/es/4/4ES/x86_64/source/SRPMS',
'content/dist/rhel/power/4/4AS/ppc/os',
'content/dist/rhel/power/4/4AS/ppc/source/SRPMS',
'content/dist/rhel/system-z/4/4AS/s390/os',
'content/dist/rhel/system-z/4/4AS/s390/source/SRPMS',
'content/dist/rhel/system-z/4/4AS/s390x/os',
'content/dist/rhel/system-z/4/4AS/s390x/source/SRPMS',
'content/dist/rhel/ws/4/4WS/i386/os',
'content/dist/rhel/ws/4/4WS/i386/source/SRPMS',
'content/dist/rhel/ws/4/4WS/x86_64/os',
'content/dist/rhel/ws/4/4WS/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'postgresql-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-contrib-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-devel-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-devel-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-devel-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-devel-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-devel-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-docs-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-jdbc-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-jdbc-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-jdbc-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-jdbc-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-jdbc-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'ppc64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-libs-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pl-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pl-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pl-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pl-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-pl-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-python-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-python-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-python-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-python-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-python-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-server-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-tcl-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-tcl-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-tcl-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-tcl-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-tcl-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-7.4.29-1.el4_8.1', 'cpu':'i386', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-7.4.29-1.el4_8.1', 'cpu':'ppc', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-7.4.29-1.el4_8.1', 'cpu':'s390', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-7.4.29-1.el4_8.1', 'cpu':'s390x', 'release':'4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'postgresql-test-7.4.29-1.el4_8.1', 'cpu':'x86_64', 'release':'4', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | postgresql | p-cpe:/a:redhat:enterprise_linux:postgresql |
| redhat | enterprise_linux | postgresql-contrib | p-cpe:/a:redhat:enterprise_linux:postgresql-contrib |
| redhat | enterprise_linux | postgresql-devel | p-cpe:/a:redhat:enterprise_linux:postgresql-devel |
| redhat | enterprise_linux | postgresql-docs | p-cpe:/a:redhat:enterprise_linux:postgresql-docs |
| redhat | enterprise_linux | postgresql-jdbc | p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc |
| redhat | enterprise_linux | postgresql-libs | p-cpe:/a:redhat:enterprise_linux:postgresql-libs |
| redhat | enterprise_linux | postgresql-pl | p-cpe:/a:redhat:enterprise_linux:postgresql-pl |
| redhat | enterprise_linux | postgresql-python | p-cpe:/a:redhat:enterprise_linux:postgresql-python |
| redhat | enterprise_linux | postgresql-server | p-cpe:/a:redhat:enterprise_linux:postgresql-server |
| redhat | enterprise_linux | postgresql-tcl | p-cpe:/a:redhat:enterprise_linux:postgresql-tcl |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1975
www.nessus.org/u?d16a0911
access.redhat.com/errata/RHSA-2010:0428
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=546321
bugzilla.redhat.com/show_bug.cgi?id=546621
bugzilla.redhat.com/show_bug.cgi?id=559259
bugzilla.redhat.com/show_bug.cgi?id=582615
bugzilla.redhat.com/show_bug.cgi?id=583072
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2010-0429)
2015-10-06 00:00:00
CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386
2010-05-28 00:00:00
RedHat Update for postgresql RHSA-2010:0427-01
2010-05-28 00:00:00
redhat
redhat
(RHSA-2010:0428) Moderate: postgresql security update
2010-05-19 00:00:00
(RHSA-2010:0429) Moderate: postgresql security update
2010-05-19 00:00:00
(RHSA-2010:0427) Moderate: postgresql security update
2010-05-19 00:00:00
centos
centos
postgresql security update
2010-05-21 22:22:02
postgresql security update
2010-05-28 10:45:13
rh security update
2010-05-21 22:01:26
oraclelinux
oraclelinux
postgresql security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
nessus
nessus
RHEL 3 : postgresql (RHSA-2010:0427)
2010-05-20 00:00:00
Oracle Linux 3 : postgresql (ELSA-2010-0427)
2013-07-12 00:00:00
debian
debian
[Backports-security-announce] Security Update for postgresql-8.4
2010-05-25 11:30:45
[Backports-security-announce] Security Update for postgresql-8.4
2010-05-25 11:24:49
osv
osv
postgresql-8.3 - several
2010-05-24 00:00:00
postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities
2009-12-31 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2010-05-21 00:00:00
PostgreSQL vulnerability
2010-04-28 00:00:00
PostgreSQL vulnerabilities
2010-01-03 00:00:00
securityvulns
securityvulns
PostgreSQL code execution
2010-05-26 00:00:00
[USN-942-1] PostgreSQL vulnerabilities
2010-05-26 00:00:00
PostgreSQL DoS
2010-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: postgresql-8.3.11-1.fc11
2010-05-18 21:57:56
[SECURITY] Fedora 13 Update: postgresql-8.4.4-1.fc13
2010-05-18 21:45:09
[SECURITY] Fedora 12 Update: postgresql-8.4.4-1.fc12
2010-05-18 21:53:33
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00
seebug
seebug
PostgreSQL PL/perl和PL/tcl存储过程绕过安全限制漏洞
2010-05-20 00:00:00
PostgreSQL哈希表大小计算整数溢出漏洞
2010-03-23 00:00:00
Ruby on Rails 'protect_from_forgery'跨站脚本请求伪造漏洞
2009-12-17 00:00:00
threatpost
threatpost
PostgreSQL Vulnerabilities Fixed
2010-05-17 14:36:50
postgresql
postgresql
Vulnerability in core server (CVE-2009-4136)
2009-12-15 18:30:00
Vulnerability in core server (CVE-2010-1975)
2010-05-19 18:30:00
Vulnerability in core server (CVE-2010-1169)
2010-05-19 18:30:00
nvd
nvd
prion
prion
Code injection
2010-10-06 17:00:00
Integer overflow
2010-03-19 19:30:00
Buffer overflow
2010-02-02 18:30:00
veracode
veracode
Privilege Escalation
2020-04-10 00:48:51
Denial Of Service (DoS)
2020-04-10 00:48:52
Denial Of Service (DoS)
2020-04-10 00:48:53
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
packetstorm
packetstorm
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
2014-06-13 00:00:00
checkpoint_advisories
checkpoint_advisories
PostgreSQL Bit Substring Buffer Overflow (CVE-2010-0442)
2010-09-28 00:00:00
freebsd
freebsd
postgresql -- bitsubstr overflow
2010-01-27 00:00:00
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
7.1
Confidence
High
EPSS
0.956
Percentile
99.4%
Related for REDHAT-RHSA-2010-0428.NASL