Turbolinux Local Security Tests : Turbolinux TLSA-2005-22 (postgresql)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52838

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-22 (postgresql)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to postgresql
announced via advisory TLSA-2005-22.

PostgreSQL is an advanced Object-Relational database management system.

Two vulnerabilities have been found in Posgresql:
- The postgresql package's make_oidjoins_check script allows local users
to overwrite files via a symlink attack on temporary files.

- PostgreSQL allows local users to load arbitrary shared libraries and
have loaded code executed via the LOAD extension.

These vulerabilities could allow attackers to overwrite arbitrary files via
a symbolic link attack, and/or allow local users to execute arbitrary code.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-22

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0977
BugTraq ID: 11295
http://www.securityfocus.com/bid/11295
Debian Security Information: DSA-577 (Google Search)
http://www.debian.org/security/2004/dsa-577
http://security.gentoo.org/glsa/glsa-200410-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
http://marc.info/?l=bugtraq&m=109910073808903&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360
http://www.redhat.com/support/errata/RHSA-2004-489.html
http://www.trustix.org/errata/2004/0050
https://www.ubuntu.com/usn/usn-6-1/
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Common Vulnerability Exposure (CVE) ID: CVE-2005-0227
BugTraq ID: 12411
http://www.securityfocus.com/bid/12411
Bugtraq: 20050201 [USN-71-1] PostgreSQL vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110726899107148&w=2
Debian Security Information: DSA-668 (Google Search)
http://www.debian.org/security/2005/dsa-668
http://security.gentoo.org/glsa/glsa-200502-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234
http://www.redhat.com/support/errata/RHSA-2005-138.html
http://www.redhat.com/support/errata/RHSA-2005-150.html
http://secunia.com/advisories/12948
SuSE Security Announcement: SUSE-SA:2005:036 (Google Search)
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://www.trustix.org/errata/2005/0003/

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52838
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-22 (postgresql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to postgresql announced via advisory TLSA-2005-22. PostgreSQL is an advanced Object-Relational database management system. Two vulnerabilities have been found in Posgresql: - The postgresql package's make_oidjoins_check script allows local users to overwrite files via a symlink attack on temporary files. - PostgreSQL allows local users to load arbitrary shared libraries and have loaded code executed via the LOAD extension. These vulerabilities could allow attackers to overwrite arbitrary files via a symbolic link attack, and/or allow local users to execute arbitrary code. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-22 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0977 BugTraq ID: 11295 http://www.securityfocus.com/bid/11295 Debian Security Information: DSA-577 (Google Search) http://www.debian.org/security/2004/dsa-577 http://security.gentoo.org/glsa/glsa-200410-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 http://marc.info/?l=bugtraq&m=109910073808903&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360 http://www.redhat.com/support/errata/RHSA-2004-489.html http://www.trustix.org/errata/2004/0050 https://www.ubuntu.com/usn/usn-6-1/ XForce ISS Database: script-temporary-file-overwrite(17583) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 Common Vulnerability Exposure (CVE) ID: CVE-2005-0227 BugTraq ID: 12411 http://www.securityfocus.com/bid/12411 Bugtraq: 20050201 [USN-71-1] PostgreSQL vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110726899107148&w=2 Debian Security Information: DSA-668 (Google Search) http://www.debian.org/security/2005/dsa-668 http://security.gentoo.org/glsa/glsa-200502-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234 http://www.redhat.com/support/errata/RHSA-2005-138.html http://www.redhat.com/support/errata/RHSA-2005-150.html http://secunia.com/advisories/12948 SuSE Security Announcement: SUSE-SA:2005:036 (Google Search) http://www.novell.com/linux/security/advisories/2005_36_sudo.html http://www.trustix.org/errata/2005/0003/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com