Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titlepostgresql84 security update
Informations
NameRHSA-2011:0198First vendor Publication2011-02-03
VendorRedHatLast vendor Modification2011-02-03
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score6.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015)

Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue.

These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

664402 - CVE-2010-4015 PostgreSQL: Stack-based buffer overflow by processing certain tokens from SQL query string when intarray module enabled

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0198.html

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21827
 
Oval ID: oval:org.mitre.oval:def:21827
Title: RHSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0198-01
CESA-2011:0198
CVE-2010-4015
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21138
 
Oval ID: oval:org.mitre.oval:def:21138
Title: RHSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0197-01
CVE-2010-4015
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13707
 
Oval ID: oval:org.mitre.oval:def:13707
Title: USN-1058-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: Geoff Keating reported that a buffer overflow exists in the intarray module�s input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user.
Family: unix Class: patch
Reference(s): USN-1058-1
CVE-2010-4015
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12782
 
Oval ID: oval:org.mitre.oval:def:12782
Title: DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
Description: It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2157-1
CVE-2010-4015
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3, postgresql-8.4, postgresql-9.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23539
 
Oval ID: oval:org.mitre.oval:def:23539
Title: ELSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0197-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23125
 
Oval ID: oval:org.mitre.oval:def:23125
Title: ELSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0198-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application44

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for postgresql CESA-2011:0197 centos4 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos4_x86_64.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2011:0197 centos5 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 x86_64
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_x86_64.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2011-08-09Name : CentOS Update for postgresql CESA-2011:0197 centos5 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos5_i386.nasl
2011-08-09Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 i386
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_i386.nasl
2011-02-11Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2011-02-11Name : Fedora Update for postgresql FEDORA-2011-0990
File : nvt/gb_fedora_2011_0990_postgresql_fc14.nasl
2011-02-11Name : Mandriva Update for postgresql MDVSA-2011:021 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_021.nasl
2011-02-11Name : CentOS Update for postgresql CESA-2011:0197 centos4 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos4_i386.nasl
2011-02-04Name : Ubuntu Update for PostgreSQL vulnerability USN-1058-1
File : nvt/gb_ubuntu_USN_1058_1.nasl
2011-02-04Name : RedHat Update for postgresql RHSA-2011:0197-01
File : nvt/gb_RHSA-2011_0197-01_postgresql.nasl
2011-02-04Name : RedHat Update for postgresql84 RHSA-2011:0198-01
File : nvt/gb_RHSA-2011_0198-01_postgresql84.nasl
2011-02-02Name : PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
File : nvt/gb_postgresql_46084.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
70740PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-08-16IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2013-09-13Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by a buffer overflow vulnerability.
File : postgresql_20110201.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7404.nasl - Type : ACT_GATHER_INFO
2011-10-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-03-31Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7341.nasl - Type : ACT_GATHER_INFO
2011-03-31Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-02-10Name : The remote Fedora host is missing a security update.
File : fedora_2011-0963.nasl - Type : ACT_GATHER_INFO
2011-02-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-021.nasl - Type : ACT_GATHER_INFO
2011-02-08Name : The remote Fedora host is missing a security update.
File : fedora_2011-0990.nasl - Type : ACT_GATHER_INFO
2011-02-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1058-1.nasl - Type : ACT_GATHER_INFO
2011-02-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-02-04Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2157.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138822-12
File : solaris10_138822.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138824-12
File : solaris10_138824.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138826-12
File : solaris10_138826.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138823-12
File : solaris10_x86_138823.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138825-12
File : solaris10_x86_138825.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote host is missing Sun Security Patch number 138827-12
File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137000-08
File : solaris10_137000.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137004-09
File : solaris10_137004.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137001-08
File : solaris10_x86_137001.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137005-09
File : solaris10_x86_137005.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote host is missing Sun Security Patch number 136998-10
File : solaris10_136998.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote host is missing Sun Security Patch number 136999-10
File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:19
  • Multiple Updates