Executive Summary



This alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: PostgreSQL: Multiple vulnerabilities
Information
Name: GLSA-201110-22
First vendor publication: 2011-10-25
Vendor: Gentoo
Last vendor modification: 2011-10-25
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Base Score: 8.5
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 6.8
Authentication: Requires single instance

Detail

Synopsis

Multiple vulnerabilities in the PostgreSQL server and client allow a remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service.

Background

PostgreSQL is an open source object-relational database management system.

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the "intarray" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.2.22:8.2"

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.3.16:8.3"

All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.4.9:8.4"

All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-base-9.0.5:9.0"

All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-server-8.2.22:8.2"

All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-server-8.3.16:8.3"

All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-server-8.4.9:8.4"

All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/postgresql-server-9.0.5:9.0"

The old unsplit PostgreSQL packages have been removed from portage.
Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package:
# emerge --unmerge "dev-db/postgresql"

References

[ 1 ] CVE-2009-0922 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0922
[ 2 ] CVE-2009-3229 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3229
[ 3 ] CVE-2009-3230 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3230
[ 4 ] CVE-2009-3231 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3231
[ 5 ] CVE-2009-4034 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4034
[ 6 ] CVE-2009-4136 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4136
[ 7 ] CVE-2010-0442 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0442
[ 8 ] CVE-2010-0733 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733
[ 9 ] CVE-2010-1169 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1169
[ 10 ] CVE-2010-1170 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1170
[ 11 ] CVE-2010-1447 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1447
[ 12 ] CVE-2010-1975 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1975
[ 13 ] CVE-2010-3433 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3433
[ 14 ] CVE-2010-4015 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4015
[ 15 ] CVE-2011-2483 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-22.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201110-22.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-94 Man in the Middle Attack
CAPEC-104 Cross Zone Scripting
CAPEC-114 Authentication Abuse

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-264 Permissions, Privileges, and Access Controls
23 % CWE-189 Numeric Errors (CWE/SANS Top 25)
15 % CWE-310 Cryptographic Issues
8 % CWE-399 Resource Management Errors
8 % CWE-287 Improper Authentication
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:10166
Title: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3230
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:10510
Title: The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Description: The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1170
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:10645
Title: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1169
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:10691
Title: Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
Description: Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0733
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:10874
Title: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Description: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0922
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:11004
Title: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1975
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:11530
Title: The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Description: The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1447
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:11655
Title: DSA-2051 postgresql-8.3 -- several vulnerabilities
Description: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. It was discovered that an unprivileged user could reset superuser-only parameter settings.
Family: unix Class: patch
Reference(s): DSA-2051
CVE-2010-0442
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Oval ID: oval:org.mitre.oval:def:12311
Title: DSA-2120-1 postgresql-8.3 -- privilege escalation
Description: Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-2120-1
CVE-2010-3433
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Oval ID: oval:org.mitre.oval:def:12782
Title: DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
Description: It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2157-1
CVE-2010-4015
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3, postgresql-8.4, postgresql-9.0
Oval ID: oval:org.mitre.oval:def:12988
Title: USN-1002-2 -- postgresql-8.4 vulnerability
Description: USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-2
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 10.10
Product(s): postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13000
Title: DSA-1964-1 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several
Description: Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following list shows fixed source package versions for the respective distributions. oldstable/etch: postgresql-7.4 1:7.4.27-0etch1, postgresql-8.1 8.1.19-0etch1; stable/lenny: postgresql-8.3 8.3.9-0lenny1; testing/unstable: postgresql-8.3 8.3.9-1, postgresql-8.4 8.4.2-1. In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1964-1
CVE-2009-4034
CVE-2009-4136
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
Oval ID: oval:org.mitre.oval:def:13030
Title: DSA-2267-1 perl -- restriction bypass
Description: It was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could be bypassed. Please note that this update is known to break Petal, an XML-based templating engine. A fix is not yet available. If you use Petal, you might consider to put the previous Perl packages on hold.
Family: unix Class: patch
Reference(s): DSA-2267-1
CVE-2010-1447
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): perl
Oval ID: oval:org.mitre.oval:def:13207
Title: USN-933-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: It was discovered that PostgreSQL did not properly sanitize its input when using substring with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.
Family: unix Class: patch
Reference(s): USN-933-1
CVE-2010-0442
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13259
Title: USN-876-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
Description: It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate privileges within PostgreSQL.
Family: unix Class: patch
Reference(s): USN-876-1
CVE-2009-4034
CVE-2009-4136
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13288
Title: USN-753-1 -- postgresql-8.1, postgresql-8.3 vulnerability
Description: It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.
Family: unix Class: patch
Reference(s): USN-753-1
CVE-2009-0922
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): postgresql-8.1
postgresql-8.3
Oval ID: oval:org.mitre.oval:def:13340
Title: USN-1002-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-1
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13487
Title: USN-942-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
Description: It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code
Family: unix Class: patch
Reference(s): USN-942-1
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13636
Title: DSA-2051-1 postgresql-8.3 -- several
Description: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings. For the stable distribution, these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update. For the unstable distribution, these problems have been fixed in version 8.4.4-1 of postgresql-8.4. We recommend that you upgrade your postgresql-8.3 packages.
Family: unix Class: patch
Reference(s): DSA-2051-1
CVE-2010-0442
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Oval ID: oval:org.mitre.oval:def:13647
Title: USN-834-1 -- postgresql-8.1, postgresql-8.3 vulnerabilities
Description: It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS
Family: unix Class: patch
Reference(s): USN-834-1
CVE-2009-3229
CVE-2007-6600
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): postgresql-8.1
postgresql-8.3
Oval ID: oval:org.mitre.oval:def:13707
Title: USN-1058-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: Geoff Keating reported that a buffer overflow exists in the intarray module's input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user.
Family: unix Class: patch
Reference(s): USN-1058-1
CVE-2010-4015
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:13708
Title: DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229 Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. CVE-2009-3230 Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. CVE-2009-3231 If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. In addition, this update contains reliability improvements which do not target security issues. For the old stable distribution, these problems have been fixed in version 1:7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package. For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package. For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1900-1
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Oval ID: oval:org.mitre.oval:def:18286
Title: DSA-2340-1 postgresql - weak password hashing
Description: magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
Family: unix Class: patch
Reference(s): DSA-2340-1
CVE-2011-2483
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Product(s): postgresql-8.4
postgresql-8.3
Oval ID: oval:org.mitre.oval:def:20579
Title: USN-1229-1 -- postgresql-8.3, postgresql-8.4 vulnerability
Description: PostgreSQL incorrectly handled blowfish passwords.
Family: unix Class: patch
Reference(s): USN-1229-1
CVE-2011-2483
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): postgresql-8.4
postgresql-8.3
Oval ID: oval:org.mitre.oval:def:21138
Title: RHSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0197-01
CVE-2010-4015
CESA-2011:0197-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Oval ID: oval:org.mitre.oval:def:21761
Title: RHSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1423-01
CESA-2011:1423
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 120
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): php53
php
Oval ID: oval:org.mitre.oval:def:21774
Title: RHSA-2010:0429: postgresql security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): RHSA-2010:0429-01
CESA-2010:0429
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Oval ID: oval:org.mitre.oval:def:21784
Title: RHSA-2011:1378: postgresql84 security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1378-01
CESA-2011:1378
CVE-2011-2483
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21791
 
Oval ID: oval:org.mitre.oval:def:21791
Title: RHSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): RHSA-2011:1377-01
CESA-2011:1377
CVE-2011-2483
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21827
 
Oval ID: oval:org.mitre.oval:def:21827
Title: RHSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0198-01
CESA-2011:0198
CVE-2010-4015
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21895
 
Oval ID: oval:org.mitre.oval:def:21895
Title: RHSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0908-01
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22142
 
Oval ID: oval:org.mitre.oval:def:22142
Title: RHSA-2010:0430: postgresql84 security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): RHSA-2010:0430-01
CESA-2010:0430
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22220
 
Oval ID: oval:org.mitre.oval:def:22220
Title: RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0742-01
CESA-2010:0742
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22359
 
Oval ID: oval:org.mitre.oval:def:22359
Title: RHSA-2010:0458: perl security update (Moderate)
Description: The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Family: unix Class: patch
Reference(s): RHSA-2010:0458-02
CESA-2010:0458
CVE-2008-5302
CVE-2008-5303
CVE-2010-1168
CVE-2010-1447
Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22642
 
Oval ID: oval:org.mitre.oval:def:22642
Title: ELSA-2009:1484: postgresql security update (Moderate)
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: patch
Reference(s): ELSA-2009:1484-01
CVE-2009-0922
CVE-2009-3230
Version: 13
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22753
 
Oval ID: oval:org.mitre.oval:def:22753
Title: ELSA-2010:0458: perl security update (Moderate)
Description: The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Family: unix Class: patch
Reference(s): ELSA-2010:0458-02
CVE-2008-5302
CVE-2008-5303
CVE-2010-1168
CVE-2010-1447
Version: 21
Platform(s): Oracle Linux 5
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22819
 
Oval ID: oval:org.mitre.oval:def:22819
Title: ELSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0742-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22905
 
Oval ID: oval:org.mitre.oval:def:22905
Title: DEPRECATED: ELSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1377-01
CVE-2011-2483
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22939
 
Oval ID: oval:org.mitre.oval:def:22939
Title: ELSA-2010:0429: postgresql security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): ELSA-2010:0429-01
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 29
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22945
 
Oval ID: oval:org.mitre.oval:def:22945
Title: DEPRECATED: ELSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1423-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22946
 
Oval ID: oval:org.mitre.oval:def:22946
Title: ELSA-2011:1377: postgresql security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1377-01
CVE-2011-2483
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23035
 
Oval ID: oval:org.mitre.oval:def:23035
Title: ELSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0908-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23110
 
Oval ID: oval:org.mitre.oval:def:23110
Title: ELSA-2010:0430: postgresql84 security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): ELSA-2010:0430-01
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 17
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23125
 
Oval ID: oval:org.mitre.oval:def:23125
Title: ELSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0198-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23307
 
Oval ID: oval:org.mitre.oval:def:23307
Title: ELSA-2011:1378: postgresql84 security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1378-01
CVE-2011-2483
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23530
 
Oval ID: oval:org.mitre.oval:def:23530
Title: ELSA-2011:1423: php53 and php security update (Moderate)
Description: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Family: unix Class: patch
Reference(s): ELSA-2011:1423-01
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 41
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23539
 
Oval ID: oval:org.mitre.oval:def:23539
Title: ELSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0197-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27694
 
Oval ID: oval:org.mitre.oval:def:27694
Title: DEPRECATED: ELSA-2011-1378 -- postgresql84 security update (moderate)
Description: [8.4.9-1.el5_7.1] - Update to PostgreSQL 8.4.9, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-9.html http://www.postgresql.org/docs/8.4/static/release-8-4-8.html including the fix for CVE-2011-2483 Resolves: #740739
Family: unix Class: patch
Reference(s): ELSA-2011-1378
CVE-2011-2483
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27731
 
Oval ID: oval:org.mitre.oval:def:27731
Title: DEPRECATED: ELSA-2011-0198 -- postgresql84 security update (moderate)
Description: [8.4.7-1.el5_6.1] - Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html http://www.postgresql.org/docs/8.4/static/release-8-4-6.html including the fix for CVE-2010-4015 Resolves: #672636 - Ensure we don't package any .gitignore files from the source tarball
Family: unix Class: patch
Reference(s): ELSA-2011-0198
CVE-2010-4015
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27970
 
Oval ID: oval:org.mitre.oval:def:27970
Title: DEPRECATED: ELSA-2010-0429 -- postgresql security update (moderate)
Description: [8.1.21-1.el5_5.1] - Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs described at http://www.postgresql.org/docs/8.1/static/release.html Resolves: #586058
Family: unix Class: patch
Reference(s): ELSA-2010-0429
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28125
 
Oval ID: oval:org.mitre.oval:def:28125
Title: DEPRECATED: ELSA-2011-1423 -- php53 and php security update (moderate)
Description: [5.3.3-3.3] - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH [5.3.3-3.1] - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740731)
Family: unix Class: patch
Reference(s): ELSA-2011-1423
CVE-2011-0708
CVE-2011-1148
CVE-2011-1466
CVE-2011-1468
CVE-2011-1469
CVE-2011-1471
CVE-2011-1938
CVE-2011-2202
CVE-2011-2483
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28185
 
Oval ID: oval:org.mitre.oval:def:28185
Title: DEPRECATED: ELSA-2010-0430 -- postgresql84 security update (moderate)
Description: [8.4.4-1.el5_5.1] - Update to PostgreSQL 8.4.4, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-4.html including fixes for CVE-2010-1169 and CVE-2010-1170 Resolves: #586060
Family: unix Class: patch
Reference(s): ELSA-2010-0430
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28941
 
Oval ID: oval:org.mitre.oval:def:28941
Title: RHSA-2009:1484 -- postgresql security update (Moderate)
Description: Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)
Family: unix Class: patch
Reference(s): RHSA-2009:1484
CESA-2009:1484-CentOS 5
CVE-2009-0922
CVE-2009-3230
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6252
 
Oval ID: oval:org.mitre.oval:def:6252
Title: Security Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS)
Description: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0922
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6869
 
Oval ID: oval:org.mitre.oval:def:6869
Title: DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following matrix shows fixed source package versions for the respective distributions. In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1964
CVE-2009-4034
CVE-2009-4136
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7291
 
Oval ID: oval:org.mitre.oval:def:7291
Title: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3433
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PostgreSQL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7320
 
Oval ID: oval:org.mitre.oval:def:7320
Title: VMware ESX,Service Console update for perl.
Description: The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1447
Version: 5
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7828
 
Oval ID: oval:org.mitre.oval:def:7828
Title: DSA-1900 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. (The old stable distribution (etch) is not affected by this issue.) Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. (The old stable distribution (etch) is not affected by this issue.) In addition, this update contains reliability improvements which do not target security issues.
Family: unix Class: patch
Reference(s): DSA-1900
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9358
 
Oval ID: oval:org.mitre.oval:def:9358
Title: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Description: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4136
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9720
 
Oval ID: oval:org.mitre.oval:def:9720
Title: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
Description: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
Family: unix Class: vulnerability
Reference(s): CVE-2010-0442
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 372
Application 235
Application 10
Os 4
Os 2
Os 5
Os 2
Os 1

OpenVAS Exploits

Date Description
2012-09-10 Name : Slackware Advisory SSA:2011-237-01 php
File : nvt/esoft_slk_ssa_2011_237_01.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos4 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos5 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 x86_64
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:1377 centos4 x86_64
File : nvt/gb_CESA-2011_1377_postgresql_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:1377 centos5 x86_64
File : nvt/gb_CESA-2011_1377_postgresql_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64
File : nvt/gb_CESA-2011_1378_postgresql84_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2011:1423 centos5 x86_64
File : nvt/gb_CESA-2011_1423_php53_centos5_x86_64.nasl
2012-04-02 Name : Fedora Update for maniadrive FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_maniadrive_fc16.nasl
2012-03-19 Name : Fedora Update for php-eaccelerator FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php-eaccelerator_fc16.nasl
2012-03-19 Name : Fedora Update for php FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php_fc16.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-1 (php5)
File : nvt/deb_2399_1.nasl
2012-02-12 Name : Debian Security Advisory DSA 2399-2 (php5)
File : nvt/deb_2399_2.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-12-23 Name : Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin)
File : nvt/gb_mandriva_MDVSA_2011_180.nasl
2011-11-28 Name : Mandriva Update for glibc MDVSA-2011:178 (glibc)
File : nvt/gb_mandriva_MDVSA_2011_178.nasl
2011-11-11 Name : CentOS Update for postgresql CESA-2011:1377 centos4 i386
File : nvt/gb_CESA-2011_1377_postgresql_centos4_i386.nasl
2011-11-08 Name : Mandriva Update for php MDVSA-2011:165 (php)
File : nvt/gb_mandriva_MDVSA_2011_165.nasl
2011-11-03 Name : CentOS Update for php53 CESA-2011:1423 centos5 i386
File : nvt/gb_CESA-2011_1423_php53_centos5_i386.nasl
2011-11-03 Name : RedHat Update for php53 and php RHSA-2011:1423-01
File : nvt/gb_RHSA-2011_1423-01_php53_and_php.nasl
2011-10-31 Name : Mandriva Update for postgresql MDVSA-2011:161 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_161.nasl
2011-10-21 Name : CentOS Update for postgresql CESA-2011:1377 centos5 i386
File : nvt/gb_CESA-2011_1377_postgresql_centos5_i386.nasl
2011-10-21 Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 i386
File : nvt/gb_CESA-2011_1378_postgresql84_centos5_i386.nasl
2011-10-21 Name : RedHat Update for postgresql RHSA-2011:1377-01
File : nvt/gb_RHSA-2011_1377-01_postgresql.nasl
2011-10-21 Name : RedHat Update for postgresql84 RHSA-2011:1378-01
File : nvt/gb_RHSA-2011_1378-01_postgresql84.nasl
2011-10-21 Name : Ubuntu Update for php5 USN-1231-1
File : nvt/gb_ubuntu_USN_1231_1.nasl
2011-10-14 Name : Ubuntu Update for postgresql-8.4 USN-1229-1
File : nvt/gb_ubuntu_USN_1229_1.nasl
2011-09-21 Name : FreeBSD Ports: php5, php5-sockets
File : nvt/freebsd_php513.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_maniadrive_fc15.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php_fc15.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_maniadrive_fc14.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php_fc14.nasl
2011-09-07 Name : PHP Multiple Vulnerabilities (Windows) - Sep 2011
File : nvt/gb_php_mult_vuln_win_sep11.nasl
2011-08-29 Name : PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
File : nvt/gb_php_49241.nasl
2011-08-27 Name : SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035
File : nvt/gb_suse_2011_035.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386
File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0429 centos5 i386
File : nvt/gb_CESA-2010_0429_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0430 centos5 i386
File : nvt/gb_CESA-2010_0430_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for perl CESA-2010:0458 centos5 i386
File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2011:0197 centos5 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 i386
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2267-1 (perl)
File : nvt/deb_2267_1.nasl
2011-05-10 Name : Ubuntu Update for perl USN-1129-1
File : nvt/gb_ubuntu_USN_1129_1.nasl
2011-04-29 Name : Fedora Update for perl FEDORA-2011-4918
File : nvt/gb_fedora_2011_4918_perl_fc13.nasl
2011-02-11 Name : CentOS Update for postgresql CESA-2011:0197 centos4 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos4_i386.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0990
File : nvt/gb_fedora_2011_0990_postgresql_fc14.nasl
2011-02-11 Name : Mandriva Update for postgresql MDVSA-2011:021 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_021.nasl
2011-02-04 Name : RedHat Update for postgresql RHSA-2011:0197-01
File : nvt/gb_RHSA-2011_0197-01_postgresql.nasl
2011-02-04 Name : RedHat Update for postgresql84 RHSA-2011:0198-01
File : nvt/gb_RHSA-2011_0198-01_postgresql84.nasl
2011-02-04 Name : Ubuntu Update for PostgreSQL vulnerability USN-1058-1
File : nvt/gb_ubuntu_USN_1058_1.nasl
2011-02-02 Name : PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
File : nvt/gb_postgresql_46084.nasl
2010-12-02 Name : Fedora Update for postgresql FEDORA-2010-15852
File : nvt/gb_fedora_2010_15852_postgresql_fc14.nasl
2010-12-02 Name : Fedora Update for sepostgresql FEDORA-2010-15870
File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl
2010-11-23 Name : Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2
File : nvt/gb_ubuntu_USN_1002_2.nasl
2010-11-17 Name : Debian Security Advisory DSA 2120-1 (postgresql-8.3)
File : nvt/deb_2120_1.nasl
2010-11-04 Name : Fedora Update for sepostgresql FEDORA-2010-16004
File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15954
File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15960
File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl
2010-10-19 Name : CentOS Update for postgresql CESA-2010:0742 centos4 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos4_i386.nasl
2010-10-19 Name : RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01
File : nvt/gb_RHSA-2010_0742-01_postgresql_and_postgresql84.nasl
2010-10-19 Name : Mandriva Update for postgresql MDVSA-2010:197 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_197.nasl
2010-10-19 Name : Ubuntu Update for PostgreSQL vulnerability USN-1002-1
File : nvt/gb_ubuntu_USN_1002_1.nasl
2010-10-06 Name : PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
File : nvt/gb_postgresql_43747.nasl
2010-08-16 Name : Fedora Update for perl FEDORA-2010-11340
File : nvt/gb_fedora_2010_11340_perl_fc12.nasl
2010-08-06 Name : Fedora Update for perl FEDORA-2010-11323
File : nvt/gb_fedora_2010_11323_perl_fc13.nasl
2010-06-15 Name : Mandriva Update for perl MDVSA-2010:115 (perl)
File : nvt/gb_mandriva_MDVSA_2010_115.nasl
2010-06-15 Name : Mandriva Update for perl MDVSA-2010:116 (perl)
File : nvt/gb_mandriva_MDVSA_2010_116.nasl
2010-06-14 Name : Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities
File : nvt/gb_perl_safe_40305.nasl
2010-06-11 Name : RedHat Update for perl RHSA-2010:0457-01
File : nvt/gb_RHSA-2010_0457-01_perl.nasl
2010-06-11 Name : RedHat Update for perl RHSA-2010:0458-02
File : nvt/gb_RHSA-2010_0458-02_perl.nasl
2010-06-03 Name : Debian Security Advisory DSA 2051-1 (postgresql-8.3)
File : nvt/deb_2051_1.nasl
2010-05-28 Name : CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386
File : nvt/gb_CESA-2010_0427_rh-postgresql_centos3_i386.nasl
2010-05-28 Name : CentOS Update for postgresql CESA-2010:0428 centos4 i386
File : nvt/gb_CESA-2010_0428_postgresql_centos4_i386.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0427-01
File : nvt/gb_RHSA-2010_0427-01_postgresql.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0428-01
File : nvt/gb_RHSA-2010_0428-01_postgresql.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0429-01
File : nvt/gb_RHSA-2010_0429-01_postgresql.nasl
2010-05-28 Name : RedHat Update for postgresql84 RHSA-2010:0430-01
File : nvt/gb_RHSA-2010_0430-01_postgresql84.nasl
2010-05-28 Name : Fedora Update for postgresql FEDORA-2010-8715
File : nvt/gb_fedora_2010_8715_postgresql_fc12.nasl
2010-05-28 Name : Fedora Update for postgresql FEDORA-2010-8723
File : nvt/gb_fedora_2010_8723_postgresql_fc11.nasl
2010-05-28 Name : Mandriva Update for postgresql MDVSA-2010:103 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_103.nasl
2010-05-28 Name : Ubuntu Update for PostgreSQL vulnerabilities USN-942-1
File : nvt/gb_ubuntu_USN_942_1.nasl
2010-05-21 Name : PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
File : nvt/gb_postgresql_40304.nasl
2010-05-19 Name : PostgreSQL Multiple Security Vulnerabilities
File : nvt/gb_postgresql_40215.nasl
2010-04-30 Name : Ubuntu Update for PostgreSQL vulnerability USN-933-1
File : nvt/gb_ubuntu_USN_933_1.nasl
2010-04-16 Name : Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)
File : nvt/gb_mandriva_MDVA_2010_115.nasl
2010-04-16 Name : Mandriva Update for timezone MDVA-2010:116 (timezone)
File : nvt/gb_mandriva_MDVA_2010_116.nasl
2010-03-30 Name : FreeBSD Ports: postgresql-server
File : nvt/freebsd_postgresql-server0.nasl
2010-03-30 Name : PostgreSQL Hash Table Integer Overflow Vulnerability
File : nvt/secpod_postgresql_int_overflow_vuln.nasl
2010-03-22 Name : Mandriva Update for poppler MDVA-2010:103 (poppler)
File : nvt/gb_mandriva_MDVA_2010_103.nasl
2010-01-28 Name : PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
File : nvt/postgresql_37973.nasl
2010-01-15 Name : Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
File : nvt/gb_ubuntu_USN_876_1.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13363 (postgresql)
File : nvt/fcore_2009_13363.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13381 (postgresql)
File : nvt/fcore_2009_13381.nasl
2009-12-30 Name : FreeBSD Ports: postgresql-client, postgresql-server
File : nvt/freebsd_postgresql-client.nasl
2009-12-16 Name : PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulne...
File : nvt/postgressql_37334.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2)
File : nvt/mdksa_2009_251_1.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1484
File : nvt/RHSA_2009_1484.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1485
File : nvt/RHSA_2009_1485.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1484 (postgresql)
File : nvt/ovcesa2009_1484.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1485 (postgresql)
File : nvt/ovcesa2009_1485.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql0.nasl
2009-10-11 Name : SLES11: Security update for PostgreSQL
File : nvt/sles11_postgresql.nasl
2009-10-11 Name : SLES11: Security update for PostgreSQL
File : nvt/sles11_postgresql0.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5047220.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5059340.nasl
2009-10-06 Name : Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgres...
File : nvt/deb_1900_1.nasl
2009-10-01 Name : PostgreSQL Multiple Security Vulnerabilities
File : nvt/postgreSQL_multiple_security_vulnerabilities.nasl
2009-09-28 Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-28 Name : Ubuntu USN-834-1 (postgresql-8.3)
File : nvt/ubuntu_834_1.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9474 (postgresql)
File : nvt/fcore_2009_9474.nasl
2009-06-05 Name : RedHat Security Advisory RHSA-2009:1067
File : nvt/RHSA_2009_1067.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-04-28 Name : SuSE Security Summary SUSE-SR:2009:009
File : nvt/suse_sr_2009_009.nasl
2009-04-24 Name : PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
File : nvt/postgresql_cve_2009_0922.nasl
2009-04-15 Name : Ubuntu USN-753-1 (postgresql-8.3)
File : nvt/ubuntu_753_1.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2927 (postgresql)
File : nvt/fcore_2009_2927.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2959 (postgresql)
File : nvt/fcore_2009_2959.nasl
2009-03-31 Name : Mandrake Security Advisory MDVSA-2009:079 (postgresql)
File : nvt/mdksa_2009_079.nasl
2009-03-26 Name : PostgreSQL Denial of Service Vulnerability (Linux)
File : nvt/secpod_postgresql_dos_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74742 PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure

70740 PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O...

PostgreSQL is prone to an overflow condition. The 'gettoken' function in 'contrib/intarray/_int_bool.c' in the intarray module fails to properly sanitize user-supplied input, resulting in a buffer overflow. By passing specially crafted integers with a large number of digits to unspecified functions, a remote authenticated attacker can potentially execute arbitrary code.

68436 PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut...

PostgreSQL contains a flaw that may allow an attacker to gain privileges they are not authorized to hold. The issue is triggered when the PL/perl and PL/Tcl implementations fail to properly prevent different SQL users from executing scripts in the same session. A remote authenticated attacker can use crafted script code in a SECURITY DEFINER function to gain elevated privileges and execute SQL code with the privileges of the initial user.

64792 PostgreSQL RESET ALL Operation Privilege Check Weakness Arbitrary Parameter S...

64757 PostgreSQL PL / Tcl Implementation pltcl_modules Table Permission Weakness Ar...

64756 PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per...

64755 PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per...

63208 PostgreSQL src/backend/executor/nodeHash.c SELECT Statement Overflow DoS

62129 PostgreSQL backend/utils/adt/varbit.c bitsubstr Function Remote DoS

61039 PostgreSQL Index Function Session Manipulation Privilege Escalation

61038 PostgreSQL SSL Certificate Authority (CA) Null Byte Handling MiTM Weakness

57918 PostgreSQL $libdir/plugins Library Reload Backend Server Shutdown DoS

57917 PostgreSQL LDAP Anonymous Bind Authentication Bypass

57901 PostgreSQL RESET SESSION AUTHORIZATION Remote Privilege Escalation

54512 PostgreSQL Client-specific Encoding Localized Error Message Conversion DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Snort® IPS/IDS

Date Description
2014-01-10 PostgreSQL bit substring buffer overflow attempt
RuleID : 16393 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2012-1336-1.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-7.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-214.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-849.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_glibc-110729.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_man-pages-110823.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_yast2-core-110822.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_glibc-110729.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_man-pages-110823.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_yast2-core-110822.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-07.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-12.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0457.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20091214.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20100517.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a privilege escalation vulnerability.
File : postgresql_20101005.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a buffer overflow vulnerability.
File : postgresql_20110201.nasl - Type : ACT_GATHER_INFO
2012-10-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-8311.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091007_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100519_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100519_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100607_perl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100607_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101006_postgresql_and_postgresql84_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101123_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111017_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111017_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111102_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-04-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-blowfish-7663.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-blowfish-110729.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2399.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7404.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-180.nasl - Type : ACT_GATHER_INFO
2011-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO
2011-11-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2340.nasl - Type : ACT_GATHER_INFO
2011-11-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-165.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-161.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1231-1.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1229-1.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11528.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11537.nasl - Type : ACT_GATHER_INFO
2011-09-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11464.nasl - Type : ACT_GATHER_INFO
2011-09-01 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_yast2-core-110830.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_man-pages-110825.nasl - Type : ACT_GATHER_INFO
2011-08-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-237-01.nasl - Type : ACT_GATHER_INFO
2011-08-22 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_7.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_057bf770cac411e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12813.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-7659.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2267.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7341.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100111.nasl - Type : ACT_GATHER_INFO
2011-02-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0963.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0990.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-021.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2157.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1058-1.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-100730.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0908.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-101012.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15954.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15960.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7186.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15852.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2120.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7108.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6535.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6768.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7053.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-1.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-2.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-197.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO
2010-08-25 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12628.nasl - Type : ACT_GATHER_INFO
2010-08-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_perl-100730.nasl - Type : ACT_GATHER_INFO
2010-08-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-100730.nasl - Type : ACT_GATHER_INFO
2010-08-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11340.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11323.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8696.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8715.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8723.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-115.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-116.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0457.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2010-05-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2051.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-942-1.nasl - Type : ACT_GATHER_INFO
2010-05-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-103.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-933-1.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e050119b385611dfb2b2002170daae37.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1900.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1964.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12571.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-100111.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6767.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2010-01-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-876-1.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13363.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13381.nasl - Type : ACT_GATHER_INFO
2009-12-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-6502.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-251.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12509.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6500.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12383.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6114.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-834-1.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9473.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9474.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The database service running on the remote host has an authentication bypass ...
File : postgresql_ldap_auth_bypass.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138822-12
File : solaris10_138822.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138824-12
File : solaris10_138824.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138826-12
File : solaris10_138826.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138823-12
File : solaris10_x86_138823.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138825-12
File : solaris10_x86_138825.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138827-12
File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2959.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-079.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-753-1.nasl - Type : ACT_GATHER_INFO
2009-04-16 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-6115.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2927.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137000-08
File : solaris10_137000.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137004-09
File : solaris10_137004.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137001-08
File : solaris10_x86_137001.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137005-09
File : solaris10_x86_137005.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136998-10
File : solaris10_136998.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136999-10
File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123590-12
File : solaris10_123590.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123591-12
File : solaris10_x86_123591.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-02-17 11:37:03
  • Multiple Updates