Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Red Hat Application Stack v2.4 security and enhancement update
Informations
Name RHSA-2009:1461 First vendor Publication 2009-09-23
Vendor RedHat Last vendor Modification 2009-09-23
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 8.5 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Red Hat Application Stack v2.4 is now available. This update fixes several security issues and adds various enhancements.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, noarch, x86_64

3. Description:

Red Hat Application Stack v2.4 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP). JBoss EAP is provided through the JBoss EAP channels on the Red Hat Network.

PostgreSQL was updated to version 8.2.14, fixing the following security issues:

A flaw was found in the way PostgreSQL handles LDAP-based authentication. If PostgreSQL was configured to use LDAP authentication and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given database could use this flaw to log in as any database user, including a PostgreSQL superuser, without supplying a password. (CVE-2009-3231)

It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0040 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handles external plug-ins. This flaw could allow remote, authenticated users without superuser privileges to crash the back-end server by using the LOAD command on libraries in "/var/lib/pgsql/plugins/" that have already been loaded, causing a temporary denial of service during crash recovery. (CVE-2009-3229)

MySQL was updated to version 5.0.84, fixing the following security issues:

An insufficient HTML entities quoting flaw was found in the mysql command line client's HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later retrieved using the mysql command line client and its HTML output mode, they could perform a cross-site scripting (XSS) attack against victims viewing the HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs user commands when creating and deleting databases. A remote, authenticated attacker with permissions to CREATE and DROP databases could use these flaws to formulate a specifically-crafted SQL command that would cause a temporary denial of service (open connections to mysqld are terminated). (CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld "--log" command line option or the "log" option in "/etc/my.cnf") must be enabled. This logging is not enabled by default.

PHP was updated to version 5.2.10, fixing the following security issue:

An insufficient input validation flaw was discovered in the PHP exif_read_data() function, used to read Exchangeable image file format (Exif) metadata from images. An attacker could create a specially-crafted image that could cause the PHP interpreter to crash or disclose portions of its memory while reading the Exif metadata from the image. (CVE-2009-2687)

Apache httpd has been updated with backported patches to correct the following security issues:

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

Also, the following packages have been updated:

* postgresql-jdbc to 8.2.510 * php-pear to 1.8.1 * perl-DBI to 1.609 * perl-DBD-MySQL to 4.012

All users should upgrade to these updated packages, which resolve these issues. Users must restart the individual services, including postgresql, mysqld, and httpd, for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

466518 - CVE-2008-4456 mysql: mysql command line client XSS flaw 506896 - CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files 511020 - CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances (crash) 521619 - CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply 522084 - CVE-2009-3231 postgresql: LDAP authentication bypass when anonymous LDAP bind are allowed 522085 - CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600 522092 - CVE-2009-3229 postgresql: authenticated user server DoS via plugin re-LOAD-ing 522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1461.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-94 Man in the Middle Attack
CAPEC-104 Cross Zone Scripting
CAPEC-114 Authentication Abuse

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-476 NULL Pointer Dereference
14 % CWE-287 Improper Authentication
14 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
14 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
14 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10166
 
Oval ID: oval:org.mitre.oval:def:10166
Title: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3230
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10493
 
Oval ID: oval:org.mitre.oval:def:10493
Title: PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Description: PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6600
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10695
 
Oval ID: oval:org.mitre.oval:def:10695
Title: The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Description: The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2687
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10981
 
Oval ID: oval:org.mitre.oval:def:10981
Title: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Description: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3094
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11456
 
Oval ID: oval:org.mitre.oval:def:11456
Title: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Description: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4456
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11857
 
Oval ID: oval:org.mitre.oval:def:11857
Title: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2446
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12751
 
Oval ID: oval:org.mitre.oval:def:12751
Title: DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description: In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages.
Family: unix Class: patch
Reference(s): DSA-1877-1
CVE-2009-2446
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13296
 
Oval ID: oval:org.mitre.oval:def:13296
Title: USN-860-1 -- apache2 vulnerabilities
Description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. Users can defend againt server inititiated TLS renegotiation attacks by adjusting their Apache configuration to use SSLVerifyClient and SSLCipherSuite only on the server or virtual host level. It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. Another flaw was discovered in mod_proxy_ftp. If Apache is configured as a reverse proxy, an attacker could send a crafted HTTP header to bypass intended access controls and send arbitrary commands to the FTP server
Family: unix Class: patch
Reference(s): USN-860-1
CVE-2009-3555
CVE-2009-3094
CVE-2009-3095
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13370
 
Oval ID: oval:org.mitre.oval:def:13370
Title: USN-824-1 -- php5 vulnerability
Description: It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.
Family: unix Class: patch
Reference(s): USN-824-1
CVE-2009-2687
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13647
 
Oval ID: oval:org.mitre.oval:def:13647
Title: USN-834-1 -- postgresql-8.1, postgresql-8.3 vulnerabilities
Description: It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS
Family: unix Class: patch
Reference(s): USN-834-1
CVE-2009-3229
CVE-2007-6600
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13708
 
Oval ID: oval:org.mitre.oval:def:13708
Title: DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229 Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. CVE-2009-3230 Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. CVE-2009-3231 If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. In addition, this update contains reliability improvements which do not target security issues. For the old stable distribution, these problems have been fixed in version 1:7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package. For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package. For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1900-1
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16775
 
Oval ID: oval:org.mitre.oval:def:16775
Title: USN-568-1 -- postgresql vulnerabilities
Description: Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions.
Family: unix Class: patch
Reference(s): USN-568-1
CVE-2007-3278
CVE-2007-6601
CVE-2007-4769
CVE-2007-4772
CVE-2007-6067
CVE-2007-6600
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): postgresql-8.1
postgresql-8.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20178
 
Oval ID: oval:org.mitre.oval:def:20178
Title: DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Description: Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.
Family: unix Class: patch
Reference(s): DSA-1783-1
CVE-2008-3963
CVE-2008-4456
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22642
 
Oval ID: oval:org.mitre.oval:def:22642
Title: ELSA-2009:1484: postgresql security update (Moderate)
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: patch
Reference(s): ELSA-2009:1484-01
CVE-2009-0922
CVE-2009-3230
Version: 13
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22888
 
Oval ID: oval:org.mitre.oval:def:22888
Title: ELSA-2009:1289: mysql security and bug fix update (Moderate)
Description: Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2009:1289-02
CVE-2008-2079
CVE-2008-3963
CVE-2008-4456
CVE-2009-2446
Version: 21
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28888
 
Oval ID: oval:org.mitre.oval:def:28888
Title: RHSA-2009:1289 -- mysql security and bug fix update (Moderate)
Description: Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1289
CESA-2009:1289-CentOS 5
CVE-2008-2079
CVE-2008-3963
CVE-2008-4456
CVE-2009-2446
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28941
 
Oval ID: oval:org.mitre.oval:def:28941
Title: RHSA-2009:1484 -- postgresql security update (Moderate)
Description: Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)
Family: unix Class: patch
Reference(s): RHSA-2009:1484
CESA-2009:1484-CentOS 5
CVE-2009-0922
CVE-2009-3230
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6655
 
Oval ID: oval:org.mitre.oval:def:6655
Title: HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description: The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2687
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7828
 
Oval ID: oval:org.mitre.oval:def:7828
Title: DSA-1900 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. (The old stable distribution (etch) is not affected by this issue.) Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. (The old stable distribution (etch) is not affected by this issue.) In addition, this update contains reliability improvements which do not target security issues.
Family: unix Class: patch
Reference(s): DSA-1900
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7877
 
Oval ID: oval:org.mitre.oval:def:7877
Title: DSA-1783 mysql-dfsg-5.0 -- multiple vulnerabilities
Description: Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal in an SQL statement, allowing an authenticated remote attacker to cause a denial of service (a crash) in mysqld. This issue affects the oldstable distribution (etch), but not the stable distribution (lenny). Thomas Henlich reported that the MySQL commandline client application did not encode HTML special characters when run in HTML output mode (that is, "mysql --html ..."). This could potentially lead to cross-site scripting or unintended script privilege escalation if the resulting output is viewed in a browser or incorporated into a web site.
Family: unix Class: patch
Reference(s): DSA-1783
CVE-2008-3963
CVE-2008-4456
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7905
 
Oval ID: oval:org.mitre.oval:def:7905
Title: DSA-1877 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code
Description: In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.
Family: unix Class: patch
Reference(s): DSA-1877
CVE-2009-2446
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8087
 
Oval ID: oval:org.mitre.oval:def:8087
Title: Apache mod_proxy_ftp Module Insufficient Input Validation Denial Of Service Vulnerability
Description: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3094
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8662
 
Oval ID: oval:org.mitre.oval:def:8662
Title: Apache mod_proxy_ftp Module Insufficient Input Validation Access Restriction Bypass Vulnerability
Description: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3095
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9363
 
Oval ID: oval:org.mitre.oval:def:9363
Title: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Description: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3095
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 178
Application 2
Application 3
Application 113
Application 318
Application 186
Os 71
Os 4
Os 3
Os 3
Os 5
Os 2
Os 2
Os 4

OpenVAS Exploits

Date Description
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1580 centos4 i386
File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos5 i386
File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl
2011-08-09 Name : CentOS Update for mysql CESA-2009:1289 centos5 i386
File : nvt/gb_CESA-2009_1289_mysql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl
2011-08-09 Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386
File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl
2011-08-09 Name : CentOS Update for php CESA-2010:0040 centos5 i386
File : nvt/gb_CESA-2010_0040_php_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos3 i386
File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl
2010-06-23 Name : HP-UX Update for Apache with PHP HPSBUX02543
File : nvt/gb_hp_ux_HPSBUX02543.nasl
2010-06-07 Name : HP-UX Update for Apache-based Web Server HPSBUX02531
File : nvt/gb_hp_ux_HPSBUX02531.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-19 Name : PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
File : nvt/gb_php_35440.nasl
2010-03-02 Name : Fedora Update for httpd FEDORA-2009-12747
File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl
2010-02-19 Name : CentOS Update for mysql CESA-2010:0110 centos4 i386
File : nvt/gb_CESA-2010_0110_mysql_centos4_i386.nasl
2010-02-19 Name : RedHat Update for mysql RHSA-2010:0110-01
File : nvt/gb_RHSA-2010_0110-01_mysql.nasl
2010-02-15 Name : Ubuntu Update for MySQL vulnerabilities USN-897-1
File : nvt/gb_ubuntu_USN_897_1.nasl
2010-01-19 Name : CentOS Update for php CESA-2010:0040 centos3 i386
File : nvt/gb_CESA-2010_0040_php_centos3_i386.nasl
2010-01-19 Name : CentOS Update for php CESA-2010:0040 centos3 x86_64
File : nvt/gb_CESA-2010_0040_php_centos3_x86_64.nasl
2010-01-19 Name : CentOS Update for php CESA-2010:0040 centos4 i386
File : nvt/gb_CESA-2010_0040_php_centos4_i386.nasl
2010-01-19 Name : CentOS Update for php CESA-2010:0040 centos4 x86_64
File : nvt/gb_CESA-2010_0040_php_centos4_x86_64.nasl
2010-01-19 Name : RedHat Update for php RHSA-2010:0040-01
File : nvt/gb_RHSA-2010_0040-01_php.nasl
2010-01-07 Name : Gentoo Security Advisory GLSA 201001-03 (php)
File : nvt/glsa_201001_03.nasl
2009-12-30 Name : FreeBSD Ports: postgresql-client, postgresql-server
File : nvt/freebsd_postgresql-client.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12606 (httpd)
File : nvt/fcore_2009_12606.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2)
File : nvt/mdksa_2009_251_1.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-12604 (httpd)
File : nvt/fcore_2009_12604.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-12180 (mysql)
File : nvt/fcore_2009_12180.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:326 (mysql)
File : nvt/mdksa_2009_326.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:324 (php)
File : nvt/mdksa_2009_324.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:323 (apache)
File : nvt/mdksa_2009_323.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1580 (httpd)
File : nvt/ovcesa2009_1580.nasl
2009-11-17 Name : CentOS Security Advisory CESA-2009:1579 (httpd)
File : nvt/ovcesa2009_1579.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1580
File : nvt/RHSA_2009_1580.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1579
File : nvt/RHSA_2009_1579.nasl
2009-10-27 Name : SLES10: Security update for PHP5
File : nvt/sles10_apache2-mod_php4.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-27 Name : SLES10: Security update for Apache 2
File : nvt/sles10_apache21.nasl
2009-10-27 Name : SLES11: Security update for Apache 2
File : nvt/sles11_apache2.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
File : nvt/suse_sa_2009_050.nasl
2009-10-27 Name : SLES9: Security update for Apache 2
File : nvt/sles9p5060942.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-19 Name : SLES11: Security update for PHP5
File : nvt/sles11_apache2-mod_php1.nasl
2009-10-13 Name : SLES10: Security update for MySQL
File : nvt/sles10_mysql.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1484
File : nvt/RHSA_2009_1484.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1485
File : nvt/RHSA_2009_1485.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1484 (postgresql)
File : nvt/ovcesa2009_1484.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1485 (postgresql)
File : nvt/ovcesa2009_1485.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql1.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql0.nasl
2009-10-11 Name : SLES11: Security update for PostgreSQL
File : nvt/sles11_postgresql0.nasl
2009-10-11 Name : SLES11: Security update for MySQL
File : nvt/sles11_libmysqlclient1.nasl
2009-10-10 Name : SLES9: Security update for postgresql
File : nvt/sles9p5021809.nasl
2009-10-10 Name : SLES9: Security update for MySQL
File : nvt/sles9p5056120.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5059340.nasl
2009-10-06 Name : Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgres...
File : nvt/deb_1900_1.nasl
2009-10-01 Name : PostgreSQL Multiple Security Vulnerabilities
File : nvt/postgreSQL_multiple_security_vulnerabilities.nasl
2009-09-28 Name : Ubuntu USN-834-1 (postgresql-8.3)
File : nvt/ubuntu_834_1.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:240 (apache)
File : nvt/mdksa_2009_240.nasl
2009-09-28 Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1289 (mysql)
File : nvt/ovcesa2009_1289.nasl
2009-09-16 Name : Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
File : nvt/secpod_apache_mod_proxy_ftp_dos_vuln.nasl
2009-09-16 Name : Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
File : nvt/secpod_apache_mod_proxy_ftp_cmd_inj_vuln.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9473 (postgresql)
File : nvt/fcore_2009_9473.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9474 (postgresql)
File : nvt/fcore_2009_9474.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1289
File : nvt/RHSA_2009_1289.nasl
2009-09-09 Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-09-09 Name : Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0)
File : nvt/deb_1877_1.nasl
2009-09-02 Name : Ubuntu USN-824-1 (php5)
File : nvt/ubuntu_824_1.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:167 (php)
File : nvt/mdksa_2009_167.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:179 (mysql)
File : nvt/mdksa_2009_179.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:159 (mysql)
File : nvt/mdksa_2009_159.nasl
2009-07-17 Name : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
File : nvt/gb_mysql_mult_format_string_vuln.nasl
2009-07-06 Name : Mandrake Security Advisory MDVSA-2009:145 (php)
File : nvt/mdksa_2009_145.nasl
2009-06-05 Name : Ubuntu USN-763-1 (xine-lib)
File : nvt/ubuntu_763_1.nasl
2009-04-28 Name : Mandrake Security Advisory MDVSA-2009:094 (mysql)
File : nvt/mdksa_2009_094.nasl
2009-04-09 Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql)
File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-03-23 Name : Ubuntu Update for postgresql vulnerabilities USN-568-1
File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-06 Name : RedHat Update for postgresql RHSA-2008:0038-01
File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-03-06 Name : RedHat Update for postgresql RHSA-2008:0039-01
File : nvt/gb_RHSA-2008_0039-01_postgresql.nasl
2009-02-27 Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 i386
File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_i386.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64
File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386
File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl
2009-02-27 Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 x86_64
File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_x86_64.nasl
2009-02-17 Name : Fedora Update for postgresql FEDORA-2008-0478
File : nvt/gb_fedora_2008_0478_postgresql_fc8.nasl
2009-02-17 Name : Fedora Update for postgresql FEDORA-2008-0552
File : nvt/gb_fedora_2008_0552_postgresql_fc7.nasl
2009-01-23 Name : SuSE Update for postgresql SUSE-SA:2008:005
File : nvt/gb_suse_2008_005.nasl
2008-10-03 Name : FreeBSD Ports: mysql-client
File : nvt/freebsd_mysql-client0.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200801-15 (postgresql)
File : nvt/glsa_200801_15.nasl
2008-09-04 Name : FreeBSD Ports: postgresql, postgresql-server
File : nvt/freebsd_postgresql4.nasl
2008-01-31 Name : Debian Security Advisory DSA 1463-1 (postgresql-7.4)
File : nvt/deb_1463_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1460-1 (postgresql-8.1)
File : nvt/deb_1460_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-024-01 httpd
File : nvt/esoft_slk_ssa_2010_024_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
57918 PostgreSQL $libdir/plugins Library Reload Backend Server Shutdown DoS

57917 PostgreSQL LDAP Anonymous Bind Authentication Bypass

57901 PostgreSQL RESET SESSION AUTHORIZATION Remote Privilege Escalation

57882 Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Comm...

57851 Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS

Apache mod_proxy_ftp module contains a flaw that may allow a Remote denial of service. The issue is triggered when NULL-pointer dereference occurs, and will result in loss of availability for Apache child process via a malformed EPSV response.
55734 MySQL sql_parse.cc dispatch_command() Function Format String DoS

55222 PHP exif_read_data() Function JPG Handling DoS

48710 MySQL Command Line Client HTML Output XSS

40904 PostgreSQL Multiple Operation Remote Privilege Escalation

Snort® IPS/IDS

Date Description
2014-01-10 mysql_log COM_DROP_DB format string vulnerability exploit attempt
RuleID : 16708 - Revision : 8 - Type : SERVER-MYSQL
2014-01-10 mysql_log COM_CREATE_DB format string vulnerability exploit attempt
RuleID : 16707 - Revision : 8 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080111_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091007_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100113_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100216_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-03-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : The remote database server is prone to a denial of service attack.
File : mysql_5_0_38.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : A remote database client have a cross-site scripting vulnerability.
File : mysql_6_0_14_XSS.nasl - Type : ACT_GATHER_INFO
2012-01-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6572.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6536.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6847.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6535.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-02-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1877.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1900.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1940.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100215.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO
2010-02-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6846.nasl - Type : ACT_GATHER_INFO
2010-02-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO
2010-02-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO
2010-01-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-024-01.nasl - Type : ACT_GATHER_INFO
2010-01-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2010-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0040.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO
2009-12-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-324.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-326.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-6576.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-6505.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12526.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6571.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-090924.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-6510.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-07 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_14.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_libmysqlclient-devel-6360.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-6502.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-251.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12509.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6500.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12065.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12456.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6446.nasl - Type : ACT_GATHER_INFO
2009-09-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-240.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-834-1.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9473.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9474.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The database service running on the remote host has an authentication bypass ...
File : postgresql_ldap_auth_bypass.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-08-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-824-1.nasl - Type : ACT_GATHER_INFO
2009-07-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-159.nasl - Type : ACT_GATHER_INFO
2009-06-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-145.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138826-12
File : solaris10_138826.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138827-12
File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO
2009-06-22 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_2_10.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1783.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-004.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-094.nasl - Type : ACT_GATHER_INFO
2008-10-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4775c8078f3011dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO
2008-04-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-4955.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-4958.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-4962.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136998-10
File : solaris10_136998.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136999-10
File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO
2008-01-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200801-15.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1463.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-568-1.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1460.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0478.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0552.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123590-12
File : solaris10_123590.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123591-12
File : solaris10_x86_123591.nasl - Type : ACT_GATHER_INFO