Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-876-1 | First vendor Publication | 2010-01-03 |
Vendor | Ubuntu | Last vendor Modification | 2010-01-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A security issue affects the following Ubuntu releases:

- Ubuntu 6.06 LTS
- Ubuntu 8.04 LTS
- Ubuntu 8.10
- Ubuntu 9.04
- Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

- Ubuntu 6.06 LTS:
- Ubuntu 8.04 LTS:
- Ubuntu 8.10:
- Ubuntu 9.04:
- Ubuntu 9.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034)

It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate privileges within PostgreSQL. (CVE-2009-4136)
Original Source
Url : http://www.ubuntu.com/usn/USN-876-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2010:0429 centos5 i386 File : nvt/gb_CESA-2010_0429_postgresql_centos5_i386.nasl |
2010-05-28 | Name : CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386 File : nvt/gb_CESA-2010_0427_rh-postgresql_centos3_i386.nasl |
2010-05-28 | Name : CentOS Update for postgresql CESA-2010:0428 centos4 i386 File : nvt/gb_CESA-2010_0428_postgresql_centos4_i386.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0427-01 File : nvt/gb_RHSA-2010_0427-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0428-01 File : nvt/gb_RHSA-2010_0428-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0429-01 File : nvt/gb_RHSA-2010_0429-01_postgresql.nasl |
2010-01-15 | Name : Ubuntu Update for PostgreSQL vulnerabilities USN-876-1 File : nvt/gb_ubuntu_USN_876_1.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13363 (postgresql) File : nvt/fcore_2009_13363.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13381 (postgresql) File : nvt/fcore_2009_13381.nasl |
2009-12-30 | Name : FreeBSD Ports: postgresql-client, postgresql-server File : nvt/freebsd_postgresql-client.nasl |
2009-12-16 | Name : PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulne... File : nvt/postgressql_37334.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61039 | PostgreSQL Index Function Session Manipulation Privilege Escalation |
61038 | PostgreSQL SSL Certificate Authority (CA) Null Byte Handling MiTM Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2012-12-28 | Name : The remote database server is affected by multiple vulnerabilities. File : postgresql_20091214.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100519_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_postgresql-100111.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-6768.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1964.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12571.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_postgresql-100108.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_postgresql-100108.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_postgresql-100111.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_postgresql-100108.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-6767.nasl - Type : ACT_GATHER_INFO |
2010-01-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-876-1.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13381.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13363.nasl - Type : ACT_GATHER_INFO |
2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:28 |
|