Executive Summary
Information | | |
---|---|---|---
Name | VMSA-2013-0005 | First vendor publication | 2013-04-04
Vendor | VMware | Last vendor modification | 2013-04-04
Severity (vendor) | N/A | Revision | N/A
Security-Database Scoring CVSS v3

CVSS vector: N/A | | |
---|---|---|---
Overall CVSS Score | NA | |
Base Score | NA | Environmental Score | NA
Impact Sub Score | NA | Temporal Score | NA
Exploitability Sub Score | NA | |
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C) | | |
---|---|---|---
CVSS Base Score | 8.5 | Attack Range | Network
CVSS Impact Score | 10 | Attack Complexity | Medium
CVSS Exploit Score | 6.8 | Authentication | Requires single instance
Detail
a. VMware vFabric Postgres security vulnerabilities

VMware vFabric Postgres has been updated to resolve several security issues that were found to be present in Postgres. The most serious of these issues, CVE-2013-1899, allows for remote deletion of files from the vFabric Postgres data directory. In case vFabric Postgres is not listening for external incoming traffic the issue cannot be exploited remotely.

Mitigation

Disallowing incoming external traffic will mitigate the issue for CVE-2013-1899. Details can be found in http://www.postgresql.org/docs/9.1/static/runtime-config-connection.html.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1899, CVE-2013-1900 and CVE-2013-1901 to these issues.
Original Source
URL: http://www.vmware.com/security/advisories/VMSA-2013-0005.html
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id | oval:org.mitre.oval:def:18307 | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:18307 | |
Title | DSA-2657-1 postgresql-8.4 - guessable random numbers | |
Description | A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. | |
Family | unix | Class | patch
Reference(s) | DSA-2657-1, CVE-2013-1900, CVE-2013-1899, CVE-2013-1901 | Version | 7
Platform(s) | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 | Product(s) | postgresql-8.4
Definition Id | oval:org.mitre.oval:def:18325 | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:18325 | |
Title | USN-1789-1 -- postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities | |
Description | Several security issues were fixed in PostgreSQL. | |
Family | unix | Class | patch
Reference(s) | USN-1789-1, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 | Version | 7
Platform(s) | Ubuntu 12.10, Ubuntu 12.04, Ubuntu 11.10, Ubuntu 10.04, Ubuntu 8.04 | Product(s) | postgresql-9.1, postgresql-8.4, postgresql-8.3
Definition Id | oval:org.mitre.oval:def:20118 | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:20118 | |
Title | DSA-2658-1 postgresql-9.1 - several | |
Description | Several vulnerabilities were discovered in PostgreSQL database server. | |
Family | unix | Class | patch
Reference(s) | DSA-2658-1, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 | Version | 5
Platform(s) | Debian GNU/Linux 7, Debian GNU/kFreeBSD 7 | Product(s) | postgresql-9.1
Definition Id | oval:org.mitre.oval:def:25926 | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:25926 | |
Title | SUSE-SU-2013:0633-2 -- Security update for PostgreSQL | |
Description | This update of PostgreSQL to version 9.1.9 fixes: CVE-2013-1899: Fix insecure parsing of server command-line switches. CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. | |
Family | unix | Class | patch
Reference(s) | SUSE-SU-2013:0633-2, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 | Version | 3
Platform(s) | SUSE Linux Enterprise Server 11 | Product(s) | PostgreSQL
Definition Id | oval:org.mitre.oval:def:26051 | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:26051 | |
Title | SUSE-SU-2013:0633-1 -- Security update for PostgreSQL | |
Description | This update to version 9.1.9 fixes: CVE-2013-1899: Fix insecure parsing of server command-line switches. CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. | |
Family | unix | Class | patch
Reference(s) | SUSE-SU-2013:0633-1, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 | Version | 3
Platform(s) | SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11 | Product(s) | PostgreSQL
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description
---|---
2013-09-19 | IAVM 2013-A-0179: Apple Mac OS X Security Update 2013-004; Severity: Category I; VMSKEY: V0040373
2013-04-11 | IAVM 2013-B-0035: Multiple Vulnerabilities in PostgreSQL; Severity: Category I; VMSKEY: V0037619
Snort® IPS/IDS
Date | Description
---|---
2014-01-10 | PostgreSQL database name command line injection attempt; RuleID: 26586; Revision: 4; Type: SERVER-OTHER
Nessus® Vulnerability Scanner
Date | Name | File | Type
---|---|---|---
2014-08-30 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201408-15.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-307.nasl | ACT_GATHER_INFO
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-306.nasl | ACT_GATHER_INFO
2013-11-14 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2013-244.nasl | ACT_GATHER_INFO
2013-10-31 | The remote Scientific Linux host is missing one or more security updates. | sl_20131029_postgresql_and_postgresql84_on_SL5_x.nasl | ACT_GATHER_INFO
2013-10-30 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2013-1475.nasl | ACT_GATHER_INFO
2013-10-30 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2013-1475.nasl | ACT_GATHER_INFO
2013-10-30 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2013-1475.nasl | ACT_GATHER_INFO
2013-09-17 | The remote host is missing a security update for OS X Server. | macosx_server_2_2_2.nasl | ACT_GATHER_INFO
2013-09-13 | The remote host is missing a Mac OS X update that fixes several security issues. | macosx_10_8_5.nasl | ACT_GATHER_INFO
2013-09-13 | The remote host is missing a Mac OS X update that fixes several security issues. | macosx_SecUpd2013-004.nasl | ACT_GATHER_INFO
2013-09-04 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2013-178.nasl | ACT_GATHER_INFO
2013-04-22 | The remote Fedora host is missing a security update. | fedora_2013-6148.nasl | ACT_GATHER_INFO
2013-04-20 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2013-142.nasl | ACT_GATHER_INFO
2013-04-08 | The remote database server is affected by a file deletion vulnerability. | postgresql_cve20131899.nasl | ACT_GATHER_INFO
2013-04-08 | The remote database server is affected by a denial of service vulnerability. | postgresql_cve20131901.nasl | ACT_GATHER_INFO
2013-04-08 | The remote database server is affected by an issue in the random number gener... | postgresql_cve20131900.nasl | ACT_GATHER_INFO
2013-04-08 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_3f332f169b6b11e28fe908002798f6ff.nasl | ACT_GATHER_INFO
2013-04-07 | The remote Fedora host is missing a security update. | fedora_2013-4951.nasl | ACT_GATHER_INFO
2013-04-07 | The remote SuSE 11 host is missing one or more security updates. | suse_11_libecpg6-130402.nasl | ACT_GATHER_INFO
2013-04-07 | The remote Fedora host is missing a security update. | fedora_2013-5000.nasl | ACT_GATHER_INFO
2013-04-05 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-1789-1.nasl | ACT_GATHER_INFO
2013-04-05 | The remote Debian host is missing a security-related update. | debian_DSA-2657.nasl | ACT_GATHER_INFO
Alert History
Date | Information
---|---
2014-02-17 12:07:26 |
2013-07-16 21:18:26 |