Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PostgreSQL vulnerability
Informations
Name USN-1058-1 First vendor Publication 2011-02-03
Vendor Ubuntu Last vendor Modification 2011-02-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
postgresql-contrib-8.1 8.1.23-0ubuntu0.6.06.1

Ubuntu 8.04 LTS:
postgresql-contrib-8.3 8.3.14-0ubuntu8.04

Ubuntu 9.10:
postgresql-contrib-8.4 8.4.7-0ubuntu0.9.10

Ubuntu 10.04 LTS:
postgresql-contrib-8.4 8.4.7-0ubuntu0.10.04

Ubuntu 10.10:
postgresql-contrib-8.4 8.4.7-0ubuntu0.10.10

In general, a standard system update will make all the necessary changes.

Details follow:

Geoff Keating reported that a buffer overflow exists in the intarray module's input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user.

Original Source

Url : http://www.ubuntu.com/usn/USN-1058-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12782
 
Oval ID: oval:org.mitre.oval:def:12782
Title: DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
Description: It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2157-1
CVE-2010-4015
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3, postgresql-8.4, postgresql-9.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13707
 
Oval ID: oval:org.mitre.oval:def:13707
Title: USN-1058-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: Geoff Keating reported that a buffer overflow exists in the intarray module�s input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user.
Family: unix Class: patch
Reference(s): USN-1058-1
CVE-2010-4015
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21138
 
Oval ID: oval:org.mitre.oval:def:21138
Title: RHSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0197-01
CVE-2010-4015
CESA-2011:0197-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21827
 
Oval ID: oval:org.mitre.oval:def:21827
Title: RHSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0198-01
CESA-2011:0198
CVE-2010-4015
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23125
 
Oval ID: oval:org.mitre.oval:def:23125
Title: ELSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0198-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23539
 
Oval ID: oval:org.mitre.oval:def:23539
Title: ELSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0197-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27731
 
Oval ID: oval:org.mitre.oval:def:27731
Title: DEPRECATED: ELSA-2011-0198 -- postgresql84 security update (moderate)
Description: [8.4.7-1.el5_6.1] - Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html http://www.postgresql.org/docs/8.4/static/release-8-4-6.html including the fix for CVE-2010-4015 Resolves: #672636 - Ensure we don't package any .gitignore files from the source tarball
Family: unix Class: patch
Reference(s): ELSA-2011-0198
CVE-2010-4015
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 44

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos4 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos5 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 x86_64
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_x86_64.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2011:0197 centos5 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 i386
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_i386.nasl
2011-02-11 Name : CentOS Update for postgresql CESA-2011:0197 centos4 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos4_i386.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0990
File : nvt/gb_fedora_2011_0990_postgresql_fc14.nasl
2011-02-11 Name : Mandriva Update for postgresql MDVSA-2011:021 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_021.nasl
2011-02-04 Name : RedHat Update for postgresql RHSA-2011:0197-01
File : nvt/gb_RHSA-2011_0197-01_postgresql.nasl
2011-02-04 Name : RedHat Update for postgresql84 RHSA-2011:0198-01
File : nvt/gb_RHSA-2011_0198-01_postgresql84.nasl
2011-02-04 Name : Ubuntu Update for PostgreSQL vulnerability USN-1058-1
File : nvt/gb_ubuntu_USN_1058_1.nasl
2011-02-02 Name : PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
File : nvt/gb_postgresql_46084.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70740 PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O...

PostgreSQL is prone to an overflow condition. The 'gettoken' function in 'contrib/intarray/_int_bool.c' in the intarray array module fails to properly sanitize user-supplied input resulting in a buffer overflow. With specially crafted integers with large numbers of digits to unspecified functions, a remote authenticated attacker can potentially execute arbitrary code.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a buffer overflow vulnerability.
File : postgresql_20110201.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7404.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7341.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-02-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0963.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-021.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0990.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1058-1.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2157.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138826-12
File : solaris10_138826.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138823-12
File : solaris10_x86_138823.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138825-12
File : solaris10_x86_138825.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138827-12
File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138824-12
File : solaris10_138824.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138822-12
File : solaris10_138822.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137001-08
File : solaris10_x86_137001.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137005-09
File : solaris10_x86_137005.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137004-09
File : solaris10_137004.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137000-08
File : solaris10_137000.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136999-10
File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136998-10
File : solaris10_136998.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:58:16
  • Multiple Updates