Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-942-1 | First vendor Publication | 2010-05-21 |
Vendor | Ubuntu | Last vendor Modification | 2010-05-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 9.04: Ubuntu 9.10: Ubuntu 10.04 LTS:

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. (CVE-2010-1169)

It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code. (CVE-2010-1170) |
Original Source
Url : http://www.ubuntu.com/usn/USN-942-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2011-08-09 | Name : CentOS Update for postgresql CESA-2010:0429 centos5 i386 File : nvt/gb_CESA-2010_0429_postgresql_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for postgresql84 CESA-2010:0430 centos5 i386 File : nvt/gb_CESA-2010_0430_postgresql84_centos5_i386.nasl |
2011-02-11 | Name : Fedora Update for postgresql FEDORA-2011-0963 File : nvt/gb_fedora_2011_0963_postgresql_fc13.nasl |
2010-12-02 | Name : Fedora Update for sepostgresql FEDORA-2010-15870 File : nvt/gb_fedora_2010_15870_sepostgresql_fc14.nasl |
2010-11-04 | Name : Fedora Update for sepostgresql FEDORA-2010-16004 File : nvt/gb_fedora_2010_16004_sepostgresql_fc13.nasl |
2010-10-22 | Name : Fedora Update for postgresql FEDORA-2010-15954 File : nvt/gb_fedora_2010_15954_postgresql_fc12.nasl |
2010-10-22 | Name : Fedora Update for postgresql FEDORA-2010-15960 File : nvt/gb_fedora_2010_15960_postgresql_fc13.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2051-1 (postgresql-8.3) File : nvt/deb_2051_1.nasl |
2010-05-28 | Name : RedHat Update for postgresql84 RHSA-2010:0430-01 File : nvt/gb_RHSA-2010_0430-01_postgresql84.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0429-01 File : nvt/gb_RHSA-2010_0429-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0428-01 File : nvt/gb_RHSA-2010_0428-01_postgresql.nasl |
2010-05-28 | Name : RedHat Update for postgresql RHSA-2010:0427-01 File : nvt/gb_RHSA-2010_0427-01_postgresql.nasl |
2010-05-28 | Name : Fedora Update for postgresql FEDORA-2010-8715 File : nvt/gb_fedora_2010_8715_postgresql_fc12.nasl |
2010-05-28 | Name : Fedora Update for postgresql FEDORA-2010-8723 File : nvt/gb_fedora_2010_8723_postgresql_fc11.nasl |
2010-05-28 | Name : CentOS Update for postgresql CESA-2010:0428 centos4 i386 File : nvt/gb_CESA-2010_0428_postgresql_centos4_i386.nasl |
2010-05-28 | Name : Mandriva Update for postgresql MDVSA-2010:103 (postgresql) File : nvt/gb_mandriva_MDVSA_2010_103.nasl |
2010-05-28 | Name : Ubuntu Update for PostgreSQL vulnerabilities USN-942-1 File : nvt/gb_ubuntu_USN_942_1.nasl |
2010-05-28 | Name : CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386 File : nvt/gb_CESA-2010_0427_rh-postgresql_centos3_i386.nasl |
2010-05-19 | Name : PostgreSQL Multiple Security Vulnerabilities File : nvt/gb_postgresql_40215.nasl |
2010-03-22 | Name : Mandriva Update for poppler MDVA-2010:103 (poppler) File : nvt/gb_mandriva_MDVA_2010_103.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64757 | PostgreSQL PL / Tcl Implementation pltcl_modules Table Permission Weakness Ar... |
64755 | PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0430.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2012-12-28 | Name : The remote database server is affected by multiple vulnerabilities. File : postgresql_20100517.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100519_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100519_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_postgresql-100525.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15870.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16004.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-7053.nasl - Type : ACT_GATHER_INFO |
2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_postgresql-100525.nasl - Type : ACT_GATHER_INFO |
2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_postgresql-100525.nasl - Type : ACT_GATHER_INFO |
2010-07-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_postgresql-100525.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8723.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8715.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8696.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2051.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-942-1.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-103.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0427.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:50 |
|