Executive Summary
Summary | |
---|---|
Title | postgresql security update |
Information | |||
---|---|---|---|
Name | RHSA-2005:138 | First vendor Publication | 2005-02-15 |
Vendor | RedHat | Last vendor Modification | 2005-02-15 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description: Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shared libraries and therefore execute arbitrary code, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0227 to this issue.

A permission checking flaw in PostgreSQL was discovered. A local user could bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0244 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has permissions to create plpgsql functions could trigger this flaw, which could lead to arbitrary code execution, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was found. A user could create carefully crafted arrays and cause a denial of service (crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0246 to this issue.

The update also fixes some minor problems, notably conflicts with SELinux.

Users of postgresql should update to these erratum packages that contain patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147380 - CAN-2005-0227 Multiple security issues in PostgreSQL (CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-138.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9345 | |||
Oval ID: | oval:org.mitre.oval:def:9345 | ||
Title: | Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247. | ||
Description: | Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0247 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for PostgreSQL File : nvt/sles9p5010972.nasl |
2009-10-10 | Name : SLES9: Security update for postgresql File : nvt/sles9p5013194.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-08 (postgresql) File : nvt/glsa_200502_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-19 (postgresql) File : nvt/glsa_200502_19.nasl |
2008-09-04 | Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql.nasl |
2008-09-04 | Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql0.nasl |
2008-09-04 | Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 683-1 (postgresql) File : nvt/deb_683_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13896 | PostgreSQL make_fetch_stmt FETCH INTO Variables Overflow |
13895 | PostgreSQL make_select_stmt SELECT Variables Overflow |
13894 | PostgreSQL make_select_stmt SELECT INTO Variables Overflow |
13893 | PostgreSQL read_sql_construct SQL Variables Overflow |
13774 | PostgreSQL gram.y refcursor Function Argument Number Overflow |
13356 | PostgreSQL intagg Unspecified Security Issue |
13355 | PostgreSQL Aggregate Function EXECUTE Restriction Bypass |
13354 | PostgreSQL LOAD Arbitrary Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-08-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_65c8ecf92adb11dba6e2000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-79-1.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-157.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-158.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5d4251897a0311d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6b4b0b3f812711d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-04-21 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_027.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-138.nasl - Type : ACT_GATHER_INFO |
2005-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-040.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-683.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-150.nasl - Type : ACT_GATHER_INFO |
2005-02-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-19.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-08.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-141.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-125.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-124.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-668.nasl - Type : ACT_GATHER_INFO |
2005-02-03 | Name : It may be possible to run arbitrary commands on the remote server. File : postgresql_multiple_flaws2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:49:05 |