| VID |
25044 |
| Severity |
40 |
| Port |
5432 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The PostgreSQL server, according to its version number, has multiple remote vulnerabilities (2). PostgreSQL is an object-relational database management system (DBMS) that supports an extended subset of SQL. PostgreSQL versions 7.x and 8.x are vulnerable to multiple remotely exploitable vulnerabilities. A remote attacker who successfully exploits the most severe of the vulnerabilities described below could take complete control of an affected system:
- The first issue could allow a remote attacker to gain elevated privileges, caused by a vulnerability in the LOAD option.
- The second issue could allow a remote attacker to bypass security restrictions, caused by a missing permissions check.
- The third vulnerability is an unspecified security issue that exists in the 'contrib/intagg' directory.
- The final issue is a buffer overflow vulnerability, caused by improper bounds checking when the plpgsql cursor contains too many parameters.
* Note: This check relies solely on the version number of the remote PostgreSQL server to assess this vulnerability, so the result might be a false positive.
* References: http://secunia.com/advisories/12948/
* Platforms Affected: PostgreSQL 7.x and 8.x; any operating system, any version |
| Recommendation |
Upgrade to the latest version of PostgreSQL (7.2.7, 7.3.9, 7.4.7, or 8.0.1 or later), available from the PostgreSQL FTP Web page at http://wwwmaster.postgresql.org/ftp/ |
| Related URL |
CVE-2005-0227,CVE-2005-0244,CVE-2005-0245,CVE-2005-0246,CVE-2005-0247 (CVE) |
| Related URL |
12411,12417 (SecurityFocus) |
| Related URL |
19183,19184,19185,19188 (ISS) |
|