VID 25207
Severity 40
Port 5432
Protocol TCP
Class DB
Detailed Description The PostgreSQL server, according to its version number, has multiple vulnerabilities. PostgreSQL is an object-relational database management system (DBMS) that supports an extended subset of SQL.

The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.10. It is, therefore, affected by a denial of service vulnerability due to a use-after-free error when executing aggregate functions using DISTINCT. An unauthenticated, remote attacker can exploit this to dereference already-freed memory, resulting in a crash of the database.

* Note: This check relies solely on the version number reported by the remote PostgreSQL server to assess this vulnerability, so the result may be a false positive.

* References:
https://www.postgresql.org/about/news/1712/
https://www.postgresql.org/docs/current/static/release-9-4-10.html

* Platforms Affected:
PostgreSQL prior to 9.4.10
Any operating system, any version
Recommendation Upgrade to the latest version of PostgreSQL (9.4.10 or later), available from the PostgreSQL download page at http://www.postgresql.org/download/