Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.67416
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2010:0429
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0429.

PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0429.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Critical

CVSS Score:
8.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
BugTraq ID: 37333
http://www.securityfocus.com/bid/37333
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search)
http://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
HPdes Security Advisory: HPSBMU02781
http://marc.info/?l=bugtraq&m=134124585221119&w=2
HPdes Security Advisory: SSRT100617
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
http://osvdb.org/61039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/37663
http://secunia.com/advisories/39820
SuSE Security Announcement: SUSE-SR:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://www.vupen.com/english/advisories/2009/3519
http://www.vupen.com/english/advisories/2010/1197
Common Vulnerability Exposure (CVE) ID: CVE-2010-0442
BugTraq ID: 37973
http://www.securityfocus.com/bid/37973
Debian Security Information: DSA-2051 (Google Search)
http://www.debian.org/security/2010/dsa-2051
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
http://www.openwall.com/lists/oss-security/2010/01/27/5
http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720
http://securitytracker.com/id?1023510
http://secunia.com/advisories/39566
http://secunia.com/advisories/39939
http://ubuntu.com/usn/usn-933-1
http://www.vupen.com/english/advisories/2010/1022
http://www.vupen.com/english/advisories/2010/1207
http://www.vupen.com/english/advisories/2010/1221
XForce ISS Database: postgresql-substring-bo(55902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
Common Vulnerability Exposure (CVE) ID: CVE-2010-0733
BugTraq ID: 38619
http://www.securityfocus.com/bid/38619
http://www.openwall.com/lists/oss-security/2010/03/09/2
http://www.openwall.com/lists/oss-security/2010/03/16/10
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1169
BugTraq ID: 40215
http://www.securityfocus.com/bid/40215
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://osvdb.org/64755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645
http://www.redhat.com/support/errata/RHSA-2010-0430.html
http://www.securitytracker.com/id?1023988
http://secunia.com/advisories/39815
http://secunia.com/advisories/39845
http://secunia.com/advisories/39898
http://www.vupen.com/english/advisories/2010/1167
http://www.vupen.com/english/advisories/2010/1182
http://www.vupen.com/english/advisories/2010/1198
XForce ISS Database: postgresql-safe-code-execution(58693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58693
Common Vulnerability Exposure (CVE) ID: CVE-2010-1170
http://osvdb.org/64757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510
http://www.securitytracker.com/id?1023987
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.