ID de Prueba:	1.3.6.1.4.1.25623.1.0.100400
Categoría:	Databases
Título:	PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Resumen:	PostgreSQL is prone to a security bypass vulnerability because the; application fails to properly validate the domain name in a signed CA certificate, allowing attackers; to substitute malicious SSL certificates for trusted ones.;; PostgreSQL is also prone to a local privilege escalation vulnerability.
Descripción:	Summary: PostgreSQL is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege escalation vulnerability. Vulnerability Impact: Successfully exploiting this issue allows attackers to perform man-in-the- middle attacks or impersonate trusted servers, which will aid in further attacks. Exploiting the privilege escalation vulnerability allows local attackers to gain elevated privileges. Affected Software/OS: PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27 are vulnerable to this issue. Solution: Updates are available. Please see the references for more information. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4034 1023325 http://www.securitytracker.com/id?1023325 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server http://www.securityfocus.com/archive/1/509917/100/0/threaded 37334 http://www.securityfocus.com/bid/37334 37663 http://secunia.com/advisories/37663 61038 http://osvdb.org/61038 ADV-2009-3519 http://www.vupen.com/english/advisories/2009/3519 FEDORA-2009-13363 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html FEDORA-2009-13381 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 MDVSA-2009:333 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 SSRT100617 SUSE-SR:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/static/release-8-1-19.html http://www.postgresql.org/docs/current/static/release-8-2-15.html http://www.postgresql.org/docs/current/static/release-8-3-9.html http://www.postgresql.org/docs/current/static/release-8-4-2.html http://www.postgresql.org/support/security.html Common Vulnerability Exposure (CVE) ID: CVE-2009-4136 1023326 http://www.securitytracker.com/id?1023326 37333 http://www.securityfocus.com/bid/37333 39820 http://secunia.com/advisories/39820 61039 http://osvdb.org/61039 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html https://bugzilla.redhat.com/show_bug.cgi?id=546321 oval:org.mitre.oval:def:9358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.