Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerability |
Information | |||
---|---|---|---|
Name | USN-933-1 | First vendor Publication | 2010-04-28 |
Vendor | Ubuntu | Last vendor Modification | 2010-04-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
Ubuntu 8.04 LTS:
Ubuntu 9.04:
Ubuntu 9.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.
Original Source
Url : http://www.ubuntu.com/usn/USN-933-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2010:0429 centos5 i386 File : nvt/gb_CESA-2010_0429_postgresql_centos5_i386.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2051-1 (postgresql-8.3) File : nvt/deb_2051_1.nasl |
2010-05-28 | Name : CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386 File : nvt/gb_CESA-2010_0427_rh-postgresql_centos3_i386.nasl |
2010-05-28 | Name : CentOS Update for postgresql CESA-2010:0428 centos4 i386 File : nvt/gb_CESA-2010_0428_postgresql_centos4_i386.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0427-01 File : nvt/gb_RHSA-2010_0427-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0428-01 File : nvt/gb_RHSA-2010_0428-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0429-01 File : nvt/gb_RHSA-2010_0429-01_postgresql.nasl |
2010-05-28 | Name : Mandriva Update for postgresql MDVSA-2010:103 (postgresql) File : nvt/gb_mandriva_MDVSA_2010_103.nasl |
2010-04-30 | Name : Ubuntu Update for PostgreSQL vulnerability USN-933-1 File : nvt/gb_ubuntu_USN_933_1.nasl |
2010-03-30 | Name : FreeBSD Ports: postgresql-server File : nvt/freebsd_postgresql-server0.nasl |
2010-03-22 | Name : Mandriva Update for poppler MDVA-2010:103 (poppler) File : nvt/gb_mandriva_MDVA_2010_103.nasl |
2010-01-28 | Name : PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability File : nvt/postgresql_37973.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62129 | PostgreSQL backend/utils/adt/varbit.c bitsubstr Function Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | PostgreSQL bit substring buffer overflow attempt RuleID : 16393 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100519_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2051.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-103.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-933-1.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e050119b385611dfb2b2002170daae37.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:48 | |