4.3 - USN-71-1

Executive Summary

Summary
Title	PostgreSQL vulnerability

Informations
Name	USN-71-1	First vendor Publication	2005-02-01
Vendor	Ubuntu	Last vendor Modification	2005-02-01
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score	4.3	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.1	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql

The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialisation function was then executed with the permissions of the server.

Now the use of LOAD is restricted to the database superuser (usually 'postgres').

Note: Since there is no way for normal database users to create arbitrary files, this vulnerability is not exploitable remotely, e. g. by uploading a shared library in the form of a Binary Large Object (BLOB) to a public web server.

Original Source

Url : http://www.ubuntu.com/usn/USN-71-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10234

Oval ID:	oval:org.mitre.oval:def:10234
Title:	Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
Description:	PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-0227	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section rh-postgresql-devel is earlier than 0:7.3.9-2 AND rh-postgresql-server is earlier than 0:7.3.9-2 AND rh-postgresql-python is earlier than 0:7.3.9-2 AND rh-postgresql-libs is earlier than 0:7.3.9-2 AND rh-postgresql-docs is earlier than 0:7.3.9-2 AND rh-postgresql-test is earlier than 0:7.3.9-2 AND rh-postgresql-pl is earlier than 0:7.3.9-2 AND rh-postgresql-tcl is earlier than 0:7.3.9-2 AND rh-postgresql is earlier than 0:7.3.9-2 AND rh-postgresql-contrib is earlier than 0:7.3.9-2 AND rh-postgresql-jdbc is earlier than 0:7.3.9-2 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-docs is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-pl is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-tcl is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-libs is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-contrib is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-python is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-test is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-jdbc is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-server is earlier than 0:7.4.7-2.RHEL4.1 AND postgresql-devel is earlier than 0:7.4.7-2.RHEL4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Postgresql cpe:2.3:a:postgresql:postgresql:8.0.0:::::::* cpe:2.3:a:postgresql:postgresql:8.0:::::::* cpe:2.3:a:postgresql:postgresql:7.4.9:::::::* cpe:2.3:a:postgresql:postgresql:7.4.8:::::::* cpe:2.3:a:postgresql:postgresql:7.4.7:::::::* cpe:2.3:a:postgresql:postgresql:7.4.6:::::::* cpe:2.3:a:postgresql:postgresql:7.4.5:::::::* cpe:2.3:a:postgresql:postgresql:7.4.4:::::::* cpe:2.3:a:postgresql:postgresql:7.4.30:::::::* cpe:2.3:a:postgresql:postgresql:7.4.3:::::::* cpe:2.3:a:postgresql:postgresql:7.4.29:::::::* cpe:2.3:a:postgresql:postgresql:7.4.28:::::::* cpe:2.3:a:postgresql:postgresql:7.4.27:::::::* cpe:2.3:a:postgresql:postgresql:7.4.26:::::::* cpe:2.3:a:postgresql:postgresql:7.4.25:::::::* cpe:2.3:a:postgresql:postgresql:7.4.24:::::::* cpe:2.3:a:postgresql:postgresql:7.4.23:::::::* cpe:2.3:a:postgresql:postgresql:7.4.22:::::::* cpe:2.3:a:postgresql:postgresql:7.4.21:::::::* cpe:2.3:a:postgresql:postgresql:7.4.20:::::::* cpe:2.3:a:postgresql:postgresql:7.4.2:::::::* cpe:2.3:a:postgresql:postgresql:7.4.19:::::::* cpe:2.3:a:postgresql:postgresql:7.4.18:::::::* cpe:2.3:a:postgresql:postgresql:7.4.17:::::::* cpe:2.3:a:postgresql:postgresql:7.4.16:::::::* cpe:2.3:a:postgresql:postgresql:7.4.15:::::::* cpe:2.3:a:postgresql:postgresql:7.4.14:::::::* cpe:2.3:a:postgresql:postgresql:7.4.13:::::::* cpe:2.3:a:postgresql:postgresql:7.4.12:::::::* cpe:2.3:a:postgresql:postgresql:7.4.11:::::::* cpe:2.3:a:postgresql:postgresql:7.4.10:::::::* cpe:2.3:a:postgresql:postgresql:7.4.1:::::::* cpe:2.3:a:postgresql:postgresql:7.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.9:::::::* cpe:2.3:a:postgresql:postgresql:7.3.8:::::::* cpe:2.3:a:postgresql:postgresql:7.3.7:::::::* cpe:2.3:a:postgresql:postgresql:7.3.6:::::::* cpe:2.3:a:postgresql:postgresql:7.3.5:::::::* cpe:2.3:a:postgresql:postgresql:7.3.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.3:::::::* cpe:2.3:a:postgresql:postgresql:7.3.21:::::::* cpe:2.3:a:postgresql:postgresql:7.3.20:::::::* cpe:2.3:a:postgresql:postgresql:7.3.2:::::::* cpe:2.3:a:postgresql:postgresql:7.3.19:::::::* cpe:2.3:a:postgresql:postgresql:7.3.18:::::::* cpe:2.3:a:postgresql:postgresql:7.3.17:::::::* cpe:2.3:a:postgresql:postgresql:7.3.16:::::::* cpe:2.3:a:postgresql:postgresql:7.3.15:::::::* cpe:2.3:a:postgresql:postgresql:7.3.14:::::::* cpe:2.3:a:postgresql:postgresql:7.3.13:::::::* cpe:2.3:a:postgresql:postgresql:7.3.12:::::::* cpe:2.3:a:postgresql:postgresql:7.3.11:::::::* cpe:2.3:a:postgresql:postgresql:7.3.10:::::::* cpe:2.3:a:postgresql:postgresql:7.3.1:::::::* cpe:2.3:a:postgresql:postgresql:7.3.0:::::::* cpe:2.3:a:postgresql:postgresql:7.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.8:::::::* cpe:2.3:a:postgresql:postgresql:7.2.7:::::::* cpe:2.3:a:postgresql:postgresql:7.2.6:::::::* cpe:2.3:a:postgresql:postgresql:7.2.5:::::::* cpe:2.3:a:postgresql:postgresql:7.2.4:::::::* cpe:2.3:a:postgresql:postgresql:7.2.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.2:::::::* cpe:2.3:a:postgresql:postgresql:7.2.1:::::::* cpe:2.3:a:postgresql:postgresql:7.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.3:::::::* cpe:2.3:a:postgresql:postgresql:7.1.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.1:::::::* cpe:2.3:a:postgresql:postgresql:7.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0.3:::::::* cpe:2.3:a:postgresql:postgresql:7.0.2:::::::* cpe:2.3:a:postgresql:postgresql:7.0.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3:::::::* cpe:2.3:a:postgresql:postgresql:6.5.2:::::::* cpe:2.3:a:postgresql:postgresql:6.5.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5:::::::* cpe:2.3:a:postgresql:postgresql:6.4.2:::::::* cpe:2.3:a:postgresql:postgresql:6.4.1:::::::* cpe:2.3:a:postgresql:postgresql:6.4:::::::* cpe:2.3:a:postgresql:postgresql:6.3.2:::::::* cpe:2.3:a:postgresql:postgresql:6.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.3:::::::* cpe:2.3:a:postgresql:postgresql:6.2.1:::::::* cpe:2.3:a:postgresql:postgresql:6.2:::::::* cpe:2.3:a:postgresql:postgresql:6.1.1:::::::* cpe:2.3:a:postgresql:postgresql:6.1:::::::* cpe:2.3:a:postgresql:postgresql:6.0:::::::* cpe:2.3:a:postgresql:postgresql:1.09:::::::* cpe:2.3:a:postgresql:postgresql:1.08:::::::* cpe:2.3:a:postgresql:postgresql:1.02:::::::* cpe:2.3:a:postgresql:postgresql:1.01:::::::* cpe:2.3:a:postgresql:postgresql:1.0:::::::* cpe:2.3:a:postgresql:postgresql:::::::: cpe:2.3:a:postgresql:postgresql:-:::::::* cpe:2.3:a:postgresql:postgresql:-:::::ubuntu:: cpe:2.3:a:postgresql:postgresql:-:::::debian::	99

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for PostgreSQL File : nvt/sles9p5010972.nasl
2009-10-10	Name : SLES9: Security update for postgresql File : nvt/sles9p5013194.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200502-08 (postgresql) File : nvt/glsa_200502_08.nasl
2008-09-04	Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql0.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
13354	PostgreSQL LOAD Arbitrary Command Execution

Nessus® Vulnerability Scanner

Date	Description
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-71-1.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5d4251897a0311d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO
2005-02-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-138.nasl - Type : ACT_GATHER_INFO
2005-02-18	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-040.nasl - Type : ACT_GATHER_INFO
2005-02-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-150.nasl - Type : ACT_GATHER_INFO
2005-02-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-08.nasl - Type : ACT_GATHER_INFO
2005-02-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-141.nasl - Type : ACT_GATHER_INFO
2005-02-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-668.nasl - Type : ACT_GATHER_INFO
2005-02-10	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-124.nasl - Type : ACT_GATHER_INFO
2005-02-10	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-125.nasl - Type : ACT_GATHER_INFO
2005-02-03	Name : It may be possible to run arbitrary commands on the remote server. File : postgresql_multiple_flaws2.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:05:38	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	99
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	11

	Related
4.3	CVE-2005-0227
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

4.3 - USN-71-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU