Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
Information
Name HPSBMU02781 SSRT100617 First vendor Publication 2012-07-02
Vendor HP Last vendor Modification 2012-08-07
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 8.5 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Exploit Score 6.8 Authentication Requires single instance

Detail

Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited, resulting in execution of arbitrary code and Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03333585

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-87 Forceful Browsing
CAPEC-94 Man in the Middle Attack
CAPEC-104 Cross Zone Scripting
CAPEC-114 Authentication Abuse

CWE : Common Weakness Enumeration

% Id Name
44 % CWE-264 Permissions, Privileges, and Access Controls
11 % CWE-399 Resource Management Errors
11 % CWE-310 Cryptographic Issues
11 % CWE-287 Improper Authentication
11 % CWE-189 Numeric Errors (CWE/SANS Top 25)
11 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10166
 
Oval ID: oval:org.mitre.oval:def:10166
Title: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3230
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10510
 
Oval ID: oval:org.mitre.oval:def:10510
Title: The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Description: The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1170
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10645
 
Oval ID: oval:org.mitre.oval:def:10645
Title: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1169
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10874
 
Oval ID: oval:org.mitre.oval:def:10874
Title: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Description: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0922
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11004
 
Oval ID: oval:org.mitre.oval:def:11004
Title: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1975
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11655
 
Oval ID: oval:org.mitre.oval:def:11655
Title: DSA-2051 postgresql-8.3 -- several vulnerabilities
Description: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. It was discovered that an unprivileged user could reset superuser-only parameter settings.
Family: unix Class: patch
Reference(s): DSA-2051
CVE-2010-0442
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12311
 
Oval ID: oval:org.mitre.oval:def:12311
Title: DSA-2120-1 postgresql-8.3 -- privilege escalation
Description: Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges. Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges. This security update also includes unrelated bug fixes from PostgreSQL 8.3.12. For the stable distribution, this problem has been fixed in version 8.3_8.3.12-0lenny1. For the unstable distribution, this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-2120-1
CVE-2010-3433
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12782
 
Oval ID: oval:org.mitre.oval:def:12782
Title: DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
Description: It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2157-1
CVE-2010-4015
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3, postgresql-8.4, postgresql-9.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12988
 
Oval ID: oval:org.mitre.oval:def:12988
Title: USN-1002-2 -- postgresql-8.4 vulnerability
Description: USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-2
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 10.10
Product(s): postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13000
 
Oval ID: oval:org.mitre.oval:def:13000
Title: DSA-1964-1 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several
Description: Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following list shows fixed source package versions for the respective distributions: postgresql-7.4: 1:7.4.27-0etch1 (oldstable/etch); postgresql-8.1: 8.1.19-0etch1 (oldstable/etch); postgresql-8.3: 8.3.9-0lenny1 (stable/lenny), 8.3.9-1 (testing/unstable); postgresql-8.4: 8.4.2-1 (testing/unstable). In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1964-1
CVE-2009-4034
CVE-2009-4136
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13259
 
Oval ID: oval:org.mitre.oval:def:13259
Title: USN-876-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
Description: It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate privileges within PostgreSQL.
Family: unix Class: patch
Reference(s): USN-876-1
CVE-2009-4034
CVE-2009-4136
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13288
 
Oval ID: oval:org.mitre.oval:def:13288
Title: USN-753-1 -- postgresql-8.1, postgresql-8.3 vulnerability
Description: It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.
Family: unix Class: patch
Reference(s): USN-753-1
CVE-2009-0922
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13340
 
Oval ID: oval:org.mitre.oval:def:13340
Title: USN-1002-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
Family: unix Class: patch
Reference(s): USN-1002-1
CVE-2010-3433
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13487
 
Oval ID: oval:org.mitre.oval:def:13487
Title: USN-942-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
Description: It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code.
Family: unix Class: patch
Reference(s): USN-942-1
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13636
 
Oval ID: oval:org.mitre.oval:def:13636
Title: DSA-2051-1 postgresql-8.3 -- several
Description: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings. For the stable distribution, these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update. For the unstable distribution, these problems have been fixed in version 8.4.4-1 of postgresql-8.4. We recommend that you upgrade your postgresql-8.3 packages.
Family: unix Class: patch
Reference(s): DSA-2051-1
CVE-2010-0442
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13647
 
Oval ID: oval:org.mitre.oval:def:13647
Title: USN-834-1 -- postgresql-8.1, postgresql-8.3 vulnerabilities
Description: It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS.
Family: unix Class: patch
Reference(s): USN-834-1
CVE-2009-3229
CVE-2007-6600
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13707
 
Oval ID: oval:org.mitre.oval:def:13707
Title: USN-1058-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
Description: Geoff Keating reported that a buffer overflow exists in the intarray module's input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user.
Family: unix Class: patch
Reference(s): USN-1058-1
CVE-2010-4015
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13708
 
Oval ID: oval:org.mitre.oval:def:13708
Title: DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229 Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. CVE-2009-3230 Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. CVE-2009-3231 If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. In addition, this update contains reliability improvements which do not target security issues. For the old stable distribution, these problems have been fixed in version 1:7.4.26-0etch1 of the postgresql-7.4 source package, and version 8.1.18-0etch1 of the postgresql-8.1 source package. For the stable distribution, these problems have been fixed in version 8.3.8-0lenny1 of the postgresql-8.3 source package. For the unstable distribution, these problems have been fixed in version 8.3.8-1 of the postgresql-8.3 source package, and version 8.4.1-1 of the postgresql-8.4 source package. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1900-1
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21138
 
Oval ID: oval:org.mitre.oval:def:21138
Title: RHSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0197-01
CVE-2010-4015
CESA-2011:0197-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21774
 
Oval ID: oval:org.mitre.oval:def:21774
Title: RHSA-2010:0429: postgresql security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): RHSA-2010:0429-01
CESA-2010:0429
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21827
 
Oval ID: oval:org.mitre.oval:def:21827
Title: RHSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): RHSA-2011:0198-01
CESA-2011:0198
CVE-2010-4015
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21895
 
Oval ID: oval:org.mitre.oval:def:21895
Title: RHSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0908-01
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22142
 
Oval ID: oval:org.mitre.oval:def:22142
Title: RHSA-2010:0430: postgresql84 security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): RHSA-2010:0430-01
CESA-2010:0430
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22220
 
Oval ID: oval:org.mitre.oval:def:22220
Title: RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): RHSA-2010:0742-01
CESA-2010:0742
CVE-2010-3433
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22642
 
Oval ID: oval:org.mitre.oval:def:22642
Title: ELSA-2009:1484: postgresql security update (Moderate)
Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family: unix Class: patch
Reference(s): ELSA-2009:1484-01
CVE-2009-0922
CVE-2009-3230
Version: 13
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22819
 
Oval ID: oval:org.mitre.oval:def:22819
Title: ELSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0742-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql
postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22939
 
Oval ID: oval:org.mitre.oval:def:22939
Title: ELSA-2010:0429: postgresql security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): ELSA-2010:0429-01
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 29
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23035
 
Oval ID: oval:org.mitre.oval:def:23035
Title: ELSA-2010:0908: postgresql security update (Moderate)
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: unix Class: patch
Reference(s): ELSA-2010:0908-01
CVE-2010-3433
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23110
 
Oval ID: oval:org.mitre.oval:def:23110
Title: ELSA-2010:0430: postgresql84 security update (Moderate)
Description: PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Family: unix Class: patch
Reference(s): ELSA-2010:0430-01
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 17
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23125
 
Oval ID: oval:org.mitre.oval:def:23125
Title: ELSA-2011:0198: postgresql84 security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0198-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23539
 
Oval ID: oval:org.mitre.oval:def:23539
Title: ELSA-2011:0197: postgresql security update (Moderate)
Description: Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Family: unix Class: patch
Reference(s): ELSA-2011:0197-01
CVE-2010-4015
Version: 6
Platform(s): Oracle Linux 6
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27731
 
Oval ID: oval:org.mitre.oval:def:27731
Title: DEPRECATED: ELSA-2011-0198 -- postgresql84 security update (moderate)
Description: [8.4.7-1.el5_6.1] - Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html http://www.postgresql.org/docs/8.4/static/release-8-4-6.html including the fix for CVE-2010-4015 Resolves: #672636 - Ensure we don't package any .gitignore files from the source tarball
Family: unix Class: patch
Reference(s): ELSA-2011-0198
CVE-2010-4015
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27970
 
Oval ID: oval:org.mitre.oval:def:27970
Title: DEPRECATED: ELSA-2010-0429 -- postgresql security update (moderate)
Description: [8.1.21-1.el5_5.1] - Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs described at http://www.postgresql.org/docs/8.1/static/release.html Resolves: #586058
Family: unix Class: patch
Reference(s): ELSA-2010-0429
CVE-2009-4136
CVE-2010-0442
CVE-2010-0733
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28185
 
Oval ID: oval:org.mitre.oval:def:28185
Title: DEPRECATED: ELSA-2010-0430 -- postgresql84 security update (moderate)
Description: [8.4.4-1.el5_5.1] - Update to PostgreSQL 8.4.4, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-4.html including fixes for CVE-2010-1169 and CVE-2010-1170 Resolves: #586060
Family: unix Class: patch
Reference(s): ELSA-2010-0430
CVE-2010-1169
CVE-2010-1170
CVE-2010-1975
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql84
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28941
 
Oval ID: oval:org.mitre.oval:def:28941
Title: RHSA-2009:1484 -- postgresql security update (Moderate)
Description: Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230)
Family: unix Class: patch
Reference(s): RHSA-2009:1484
CESA-2009:1484-CentOS 5
CVE-2009-0922
CVE-2009-3230
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6252
 
Oval ID: oval:org.mitre.oval:def:6252
Title: Security Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS)
Description: PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0922
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6869
 
Oval ID: oval:org.mitre.oval:def:6869
Title: DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name. Authenticated database users could elevate their privileges by creating specially-crafted index functions. The following matrix shows fixed source package versions for the respective distributions. In addition to these security fixes, the updates contain reliability improvements and fix other defects. We recommend that you upgrade your PostgreSQL packages.
Family: unix Class: patch
Reference(s): DSA-1964
CVE-2009-4034
CVE-2009-4136
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7291
 
Oval ID: oval:org.mitre.oval:def:7291
Title: Privilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0
Description: The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3433
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PostgreSQL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7828
 
Oval ID: oval:org.mitre.oval:def:7828
Title: DSA-1900 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. (The old stable distribution (etch) is not affected by this issue.) Authenticated non-superusers can gain database superuser privileges if they can create functions and tables due to incorrect execution of functions in functional indexes. If PostgreSQL is configured with LDAP authentication, and the LDAP configuration allows anonymous binds, it is possible for a user to authenticate themselves with an empty password. (The old stable distribution (etch) is not affected by this issue.) In addition, this update contains reliability improvements which do not target security issues.
Family: unix Class: patch
Reference(s): DSA-1900
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): postgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9358
 
Oval ID: oval:org.mitre.oval:def:9358
Title: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Description: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4136
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 125

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 x86_64
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos5 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for postgresql CESA-2011:0197 centos4 x86_64
File : nvt/gb_CESA-2011_0197_postgresql_centos4_x86_64.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
File : nvt/glsa_201110_22.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2011:0197 centos5 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0429 centos5 i386
File : nvt/gb_CESA-2010_0429_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386
File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386
File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0430 centos5 i386
File : nvt/gb_CESA-2010_0430_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2011:0198 centos5 i386
File : nvt/gb_CESA-2011_0198_postgresql84_centos5_i386.nasl
2011-08-09 Name : CentOS Update for postgresql84 CESA-2010:0742 centos5 i386
File : nvt/gb_CESA-2010_0742_postgresql84_centos5_i386.nasl
2011-02-11 Name : CentOS Update for postgresql CESA-2011:0197 centos4 i386
File : nvt/gb_CESA-2011_0197_postgresql_centos4_i386.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0963
File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl
2011-02-11 Name : Fedora Update for postgresql FEDORA-2011-0990
File : nvt/gb_fedora_2011_0990_postgresql_fc14.nasl
2011-02-11 Name : Mandriva Update for postgresql MDVSA-2011:021 (postgresql)
File : nvt/gb_mandriva_MDVSA_2011_021.nasl
2011-02-04 Name : Ubuntu Update for PostgreSQL vulnerability USN-1058-1
File : nvt/gb_ubuntu_USN_1058_1.nasl
2011-02-04 Name : RedHat Update for postgresql84 RHSA-2011:0198-01
File : nvt/gb_RHSA-2011_0198-01_postgresql84.nasl
2011-02-04 Name : RedHat Update for postgresql RHSA-2011:0197-01
File : nvt/gb_RHSA-2011_0197-01_postgresql.nasl
2011-02-02 Name : PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
File : nvt/gb_postgresql_46084.nasl
2010-12-02 Name : Fedora Update for postgresql FEDORA-2010-15852
File : nvt/gb_fedora_2010_15852_postgresql_fc14.nasl
2010-12-02 Name : Fedora Update for sepostgresql FEDORA-2010-15870
File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl
2010-11-23 Name : Ubuntu Update for postgresql-8.4 vulnerability USN-1002-2
File : nvt/gb_ubuntu_USN_1002_2.nasl
2010-11-17 Name : Debian Security Advisory DSA 2120-1 (postgresql-8.3)
File : nvt/deb_2120_1.nasl
2010-11-04 Name : Fedora Update for sepostgresql FEDORA-2010-16004
File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15954
File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl
2010-10-22 Name : Fedora Update for postgresql FEDORA-2010-15960
File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl
2010-10-19 Name : Mandriva Update for postgresql MDVSA-2010:197 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_197.nasl
2010-10-19 Name : Ubuntu Update for PostgreSQL vulnerability USN-1002-1
File : nvt/gb_ubuntu_USN_1002_1.nasl
2010-10-19 Name : RedHat Update for postgresql and postgresql84 RHSA-2010:0742-01
File : nvt/gb_RHSA-2010_0742-01_postgresql_and_postgresql84.nasl
2010-10-19 Name : CentOS Update for postgresql CESA-2010:0742 centos4 i386
File : nvt/gb_CESA-2010_0742_postgresql_centos4_i386.nasl
2010-10-06 Name : PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
File : nvt/gb_postgresql_43747.nasl
2010-06-03 Name : Debian Security Advisory DSA 2051-1 (postgresql-8.3)
File : nvt/deb_2051_1.nasl
2010-05-28 Name : RedHat Update for postgresql84 RHSA-2010:0430-01
File : nvt/gb_RHSA-2010_0430-01_postgresql84.nasl
2010-05-28 Name : Ubuntu Update for PostgreSQL vulnerabilities USN-942-1
File : nvt/gb_ubuntu_USN_942_1.nasl
2010-05-28 Name : Mandriva Update for postgresql MDVSA-2010:103 (postgresql)
File : nvt/gb_mandriva_MDVSA_2010_103.nasl
2010-05-28 Name : Fedora Update for postgresql FEDORA-2010-8723
File : nvt/gb_fedora_2010_8723_postgresql_fc11.nasl
2010-05-28 Name : Fedora Update for postgresql FEDORA-2010-8715
File : nvt/gb_fedora_2010_8715_postgresql_fc12.nasl
2010-05-28 Name : CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386
File : nvt/gb_CESA-2010_0427_rh-postgresql_centos3_i386.nasl
2010-05-28 Name : CentOS Update for postgresql CESA-2010:0428 centos4 i386
File : nvt/gb_CESA-2010_0428_postgresql_centos4_i386.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0427-01
File : nvt/gb_RHSA-2010_0427-01_postgresql.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0428-01
File : nvt/gb_RHSA-2010_0428-01_postgresql.nasl
2010-05-28 Name : RedHat Update for postgresql RHSA-2010:0429-01
File : nvt/gb_RHSA-2010_0429-01_postgresql.nasl
2010-05-21 Name : PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
File : nvt/gb_postgresql_40304.nasl
2010-05-19 Name : PostgreSQL Multiple Security Vulnerabilities
File : nvt/gb_postgresql_40215.nasl
2010-03-22 Name : Mandriva Update for poppler MDVA-2010:103 (poppler)
File : nvt/gb_mandriva_MDVA_2010_103.nasl
2010-01-15 Name : Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
File : nvt/gb_ubuntu_USN_876_1.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13381 (postgresql)
File : nvt/fcore_2009_13381.nasl
2009-12-30 Name : FreeBSD Ports: postgresql-client, postgresql-server
File : nvt/freebsd_postgresql-client.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13363 (postgresql)
File : nvt/fcore_2009_13363.nasl
2009-12-16 Name : PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulne...
File : nvt/postgressql_37334.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2)
File : nvt/mdksa_2009_251_1.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1485
File : nvt/RHSA_2009_1485.nasl
2009-10-13 Name : RedHat Security Advisory RHSA-2009:1484
File : nvt/RHSA_2009_1484.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1484 (postgresql)
File : nvt/ovcesa2009_1484.nasl
2009-10-13 Name : CentOS Security Advisory CESA-2009:1485 (postgresql)
File : nvt/ovcesa2009_1485.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql0.nasl
2009-10-13 Name : SLES10: Security update for PostgreSQL
File : nvt/sles10_postgresql.nasl
2009-10-11 Name : SLES11: Security update for PostgreSQL
File : nvt/sles11_postgresql0.nasl
2009-10-11 Name : SLES11: Security update for PostgreSQL
File : nvt/sles11_postgresql.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5047220.nasl
2009-10-10 Name : SLES9: Security update for PostgreSQL
File : nvt/sles9p5059340.nasl
2009-10-06 Name : Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgres...
File : nvt/deb_1900_1.nasl
2009-10-01 Name : PostgreSQL Multiple Security Vulnerabilities
File : nvt/postgreSQL_multiple_security_vulnerabilities.nasl
2009-09-28 Name : Ubuntu USN-834-1 (postgresql-8.3)
File : nvt/ubuntu_834_1.nasl
2009-09-28 Name : RedHat Security Advisory RHSA-2009:1461
File : nvt/RHSA_2009_1461.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9474 (postgresql)
File : nvt/fcore_2009_9474.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-06-05 Name : RedHat Security Advisory RHSA-2009:1067
File : nvt/RHSA_2009_1067.nasl
2009-04-28 Name : SuSE Security Summary SUSE-SR:2009:009
File : nvt/suse_sr_2009_009.nasl
2009-04-24 Name : PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
File : nvt/postgresql_cve_2009_0922.nasl
2009-04-15 Name : Ubuntu USN-753-1 (postgresql-8.3)
File : nvt/ubuntu_753_1.nasl
2009-03-31 Name : Mandrake Security Advisory MDVSA-2009:079 (postgresql)
File : nvt/mdksa_2009_079.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2959 (postgresql)
File : nvt/fcore_2009_2959.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2927 (postgresql)
File : nvt/fcore_2009_2927.nasl
2009-03-26 Name : PostgreSQL Denial of Service Vulnerability (Linux)
File : nvt/secpod_postgresql_dos_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70740 PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O...

PostgreSQL is prone to an overflow condition. The 'gettoken' function in 'contrib/intarray/_int_bool.c' in the intarray array module fails to properly sanitize user-supplied input, resulting in a buffer overflow. By passing specially crafted integers with a large number of digits to unspecified functions, a remote authenticated attacker can potentially execute arbitrary code.
68436 PostgreSQL PL perl / Tcl SECURITY DEFINER Function Crafted Script Code Execut...

PostgreSQL contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the PL/perl and PL/Tcl implementations fail to properly prevent different SQL users from executing scripts in the same session. This allows a remote authenticated attacker to use crafted script code in a SECURITY DEFINER function to gain elevated privileges and execute SQL code with the privileges of the initial user.
64792 PostgreSQL RESET ALL Operation Privilege Check Weakness Arbitrary Parameter S...

64757 PostgreSQL PL / Tcl Implementation pltcl_modules Table Permission Weakness Ar...

64755 PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per...

61039 PostgreSQL Index Function Session Manipulation Privilege Escalation

61038 PostgreSQL SSL Certificate Authority (CA) Null Byte Handling MiTM Weakness

57918 PostgreSQL $libdir/plugins Library Reload Backend Server Shutdown DoS

57917 PostgreSQL LDAP Anonymous Bind Authentication Bypass

57901 PostgreSQL RESET SESSION AUTHORIZATION Remote Privilege Escalation

54512 PostgreSQL Client-specific Encoding Localized Error Message Conversion DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20091214.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20100517.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a privilege escalation vulnerability.
File : postgresql_20101005.nasl - Type : ACT_GATHER_INFO
2012-12-28 Name : The remote database server is affected by a buffer overflow vulnerability.
File : postgresql_20110201.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091007_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100519_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100519_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101006_postgresql_and_postgresql84_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101123_postgresql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7404.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-110217.nasl - Type : ACT_GATHER_INFO
2011-03-31 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7341.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100111.nasl - Type : ACT_GATHER_INFO
2011-02-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0963.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0990.nasl - Type : ACT_GATHER_INFO
2011-02-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-021.nasl - Type : ACT_GATHER_INFO
2011-02-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2157.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0197.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0198.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1058-1.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0908.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-101012.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-101019.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15954.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15960.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7186.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15852.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2120.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6535.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6768.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-7053.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-1.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1002-2.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-197.nasl - Type : ACT_GATHER_INFO
2010-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0742.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-14 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-100525.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8696.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8715.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8723.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2010-05-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2051.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-942-1.nasl - Type : ACT_GATHER_INFO
2010-05-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-103.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1900.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1964.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12571.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_postgresql-100111.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-100108.nasl - Type : ACT_GATHER_INFO
2010-01-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6767.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2010-01-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-876-1.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13363.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13381.nasl - Type : ACT_GATHER_INFO
2009-12-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-6502.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-251.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12509.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-090917.nasl - Type : ACT_GATHER_INFO
2009-09-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6500.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12383.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_postgresql-6114.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-834-1.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9473.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9474.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The database service running on the remote host has an authentication bypass ...
File : postgresql_ldap_auth_bypass.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_postgresql-090324.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138822-12
File : solaris10_138822.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138824-12
File : solaris10_138824.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138826-12
File : solaris10_138826.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138823-12
File : solaris10_x86_138823.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138825-12
File : solaris10_x86_138825.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote host is missing Sun Security Patch number 138827-12
File : solaris10_x86_138827.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2959.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-079.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-753-1.nasl - Type : ACT_GATHER_INFO
2009-04-16 Name : The remote openSUSE host is missing a security update.
File : suse_postgresql-6115.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2927.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137000-08
File : solaris10_137000.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137004-09
File : solaris10_137004.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137001-08
File : solaris10_x86_137001.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137005-09
File : solaris10_x86_137005.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136998-10
File : solaris10_136998.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote host is missing Sun Security Patch number 136999-10
File : solaris10_x86_136999.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123590-12
File : solaris10_123590.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 123591-12
File : solaris10_x86_123591.nasl - Type : ACT_GATHER_INFO