Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-79-1 | First vendor Publication | 2005-02-10 |
Vendor | Ubuntu | Last vendor Modification | 2005-02-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: postgresql postgresql-contrib The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: The execution of custom PostgreSQL functions can be restricted with the EXECUTE privilege. However, previous versions did not check this privilege when executing a function which was part of an aggregate. As a result, any database user could circumvent the EXECUTE restriction of functions with a particular (but very common) parameter structure by creating an aggregate wrapper around the function. (CAN-2005-0244) Several buffer overflows have been discovered in the SQL parser. These could be exploited by any database user to crash the PostgreSQL server or execute arbitrary code with the privileges of the server. (CAN-2005-0245, CAN-2005-0247) Finally, this update fixes a Denial of Service vulnerability of the contributed "intagg" module. By constructing specially crafted arrays, a database user was able to corrupt and crash the PostgreSQL server. (CAN-2005-0246). Please note that this module is part of the "postgresql-contrib" package, which is not officially supported by Ubuntu. |
Original Source
Url : http://www.ubuntu.com/usn/USN-79-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9345 | |||
Oval ID: | oval:org.mitre.oval:def:9345 | ||
Title: | Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247. | ||
Description: | Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0247 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for PostgreSQL File : nvt/sles9p5010972.nasl |
2009-10-10 | Name : SLES9: Security update for postgresql File : nvt/sles9p5013194.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-08 (postgresql) File : nvt/glsa_200502_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-19 (postgresql) File : nvt/glsa_200502_19.nasl |
2008-09-04 | Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql.nasl |
2008-09-04 | Name : FreeBSD Ports: postgresql, postgresql-server, ja-postgresql File : nvt/freebsd_postgresql3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 683-1 (postgresql) File : nvt/deb_683_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13896 | PostgreSQL make_fetch_stmt FETCH INTO Variables Overflow |
13895 | PostgreSQL make_select_stmt SELECT Variables Overflow |
13894 | PostgreSQL make_select_stmt SELECT INTO Variables Overflow |
13893 | PostgreSQL read_sql_construct SQL Variables Overflow |
13774 | PostgreSQL gram.y refcursor Function Argument Number Overflow |
13356 | PostgreSQL intagg Unspecified Security Issue |
13355 | PostgreSQL Aggregate Function EXECUTE Restriction Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-08-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_65c8ecf92adb11dba6e2000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-79-1.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-157.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-158.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6b4b0b3f812711d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-04-21 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_027.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-138.nasl - Type : ACT_GATHER_INFO |
2005-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-040.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-683.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-150.nasl - Type : ACT_GATHER_INFO |
2005-02-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-19.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-08.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-141.nasl - Type : ACT_GATHER_INFO |
2005-02-03 | Name : It may be possible to run arbitrary commands on the remote server. File : postgresql_multiple_flaws2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:01 |
|