Executive Summary
Summary | |
---|---|
Title | Sun Alert 270408 Security Vulnerabilities in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) or Privilege Escalation |
Informations | |||
---|---|---|---|
Name | SUN-270408 | First vendor Publication | 2009-10-29 |
Vendor | Sun | Last vendor Modification | 2009-11-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10, OpenSolaris Security vulnerabilities affecting the PostgreSQL software shipped with Solaris may allow an authenticated PostgreSQL user to cause a denial of service (DoS) to the PostgreSQL server by "re-LOAD-ing" libraries from a certain plugins directory. However, the PostgreSQL versions shipped with Solaris do not include any plugins. In addition, an issue with the privileges for RESET ROLE and RESET SESSION AUTHORIZATION operations may allow any authenticated users to gain extra privileges. These issues are described in the following documents: Official PostgreSQL announcement at: http://www.postgresql.org/about/news.1135 CVE-2009-3229 at: http://www.security-database.com/detail.php?cve=CVE-2009-3229 CVE-2009-3230 at: http://www.security-database.com/detail.php?cve=CVE-2009-3230 Note: PostgreSQL is not compiled with LDAP support on Solaris. Solaris is not affected with CVE-2009-3231. State: Resolved First released: 26-Oct-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_270408_security_vulnerabilities |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-51 | Poison Web Service Registry |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Register Man in the Middle |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-87 | Forceful Browsing |
CAPEC-94 | Man in the Middle Attack |
CAPEC-104 | Cross Zone Scripting |
CAPEC-114 | Authentication Abuse |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-287 | Improper Authentication |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22642 | |||
Oval ID: | oval:org.mitre.oval:def:22642 | ||
Title: | ELSA-2009:1484: postgresql security update (Moderate) | ||
Description: | The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1484-01 CVE-2009-0922 CVE-2009-3230 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | postgresql |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386 File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl |
2009-12-30 | Name : FreeBSD Ports: postgresql-client, postgresql-server File : nvt/freebsd_postgresql-client.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2) File : nvt/mdksa_2009_251_1.nasl |
2009-10-27 | Name : SuSE Security Summary SUSE-SR:2009:017 File : nvt/suse_sr_2009_017.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : RedHat Security Advisory RHSA-2009:1484 File : nvt/RHSA_2009_1484.nasl |
2009-10-13 | Name : SLES10: Security update for PostgreSQL File : nvt/sles10_postgresql0.nasl |
2009-10-13 | Name : CentOS Security Advisory CESA-2009:1485 (postgresql) File : nvt/ovcesa2009_1485.nasl |
2009-10-13 | Name : CentOS Security Advisory CESA-2009:1484 (postgresql) File : nvt/ovcesa2009_1484.nasl |
2009-10-13 | Name : RedHat Security Advisory RHSA-2009:1485 File : nvt/RHSA_2009_1485.nasl |
2009-10-11 | Name : SLES11: Security update for PostgreSQL File : nvt/sles11_postgresql0.nasl |
2009-10-10 | Name : SLES9: Security update for PostgreSQL File : nvt/sles9p5059340.nasl |
2009-10-06 | Name : Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgres... File : nvt/deb_1900_1.nasl |
2009-10-01 | Name : PostgreSQL Multiple Security Vulnerabilities File : nvt/postgreSQL_multiple_security_vulnerabilities.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1461 File : nvt/RHSA_2009_1461.nasl |
2009-09-28 | Name : Ubuntu USN-834-1 (postgresql-8.3) File : nvt/ubuntu_834_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57918 | PostgreSQL $libdir/plugins Library Reload Backend Server Shutdown DoS |
57917 | PostgreSQL LDAP Anonymous Bind Authentication Bypass |
57901 | PostgreSQL RESET SESSION AUTHORIZATION Remote Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091007_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-6535.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1900.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO |
2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO |
2009-10-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO |
2009-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO |
2009-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_postgresql-6502.nasl - Type : ACT_GATHER_INFO |
2009-10-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-251.nasl - Type : ACT_GATHER_INFO |
2009-09-29 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_postgresql-090917.nasl - Type : ACT_GATHER_INFO |
2009-09-29 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_postgresql-090917.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-6500.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_postgresql-090917.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12509.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-834-1.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9474.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9473.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The database service running on the remote host has an authentication bypass ... File : postgresql_ldap_auth_bypass.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote host is missing Sun Security Patch number 138827-12 File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote host is missing Sun Security Patch number 138826-12 File : solaris10_138826.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 136999-10 File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 136998-10 File : solaris10_136998.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 123591-12 File : solaris10_x86_123591.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 123590-12 File : solaris10_123590.nasl - Type : ACT_GATHER_INFO |