ID de Prueba:	1.3.6.1.4.1.25623.1.0.54312
Categoría:	Trustix Local Security Checks
Título:	Trustix Security Advisory TSLSA-2005-0015 (postgresql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory TSLSA-2005-0015. From the CVE entry: Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0247 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0015 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0245 12417 http://www.securityfocus.com/bid/12417 12948 http://secunia.com/advisories/12948 20050210 [USN-79-1] PostgreSQL vulnerabilities http://marc.info/?l=bugtraq&m=110806034116082&w=2 DSA-683 http://www.debian.org/security/2005/dsa-683 MDKSA-2005:040 http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 RHSA-2005:138 http://www.redhat.com/support/errata/RHSA-2005-138.html RHSA-2005:150 http://www.redhat.com/support/errata/RHSA-2005-150.html SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html [pgsql-committers] 20050121 pgsql: Prevent overrunning a heap-allocated buffer is more than 1024 http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser. http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php [pgsql-patches] 20050120 Re: WIP: pl/pgsql cleanup http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php oval:org.mitre.oval:def:10175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175 postgresql-cursor-bo(19188) https://exchange.xforce.ibmcloud.com/vulnerabilities/19188 Common Vulnerability Exposure (CVE) ID: CVE-2005-0247 GLSA-200502-19 http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml SUSE-SA:2005:027 http://www.novell.com/linux/security/advisories/2005_27_postgresql.html oval:org.mitre.oval:def:9345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345 postgresql-fetch-makefetchstmt-bo(19378) https://exchange.xforce.ibmcloud.com/vulnerabilities/19378 postgresql-makeselectstmt-arbitrary-bo(19377) https://exchange.xforce.ibmcloud.com/vulnerabilities/19377 postgresql-makeselectstmt-input-bo(19376) https://exchange.xforce.ibmcloud.com/vulnerabilities/19376 postgresql-readsqlconstruct-bo(19375) https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.