Databases : PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803219

Categoría: Databases

Título: PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities - Windows

Resumen: PostgreSQL is prone to multiple vulnerabilities.

Descripción: Summary:
PostgreSQL is prone to multiple vulnerabilities.

Vulnerability Insight:
- An error exists within the 'xml_parse()' function when parsing DTD data
within XML documents.

- An error exists within the 'xslt_process()' when parsing XSLT style sheets.

Vulnerability Impact:
Successful exploitation will allow attacker to modify data, obtain sensitive
information or trigger outbound traffic to arbitrary external hosts.

Affected Software/OS:
PostgreSQL versions 8.3 before 8.3.20, 8.4 before 8.4.13,
9.0 before 9.0.9, and 9.1 before 9.1.5 on Windows.

Solution:
Upgrade to PostgreSQL 8.3.20, 8.4.13, 9.0.9 or 9.1.5 or later.

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3488
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
BugTraq ID: 55072
http://www.securityfocus.com/bid/55072
Debian Security Information: DSA-2534 (Google Search)
http://www.debian.org/security/2012/dsa-2534
http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
RedHat Security Advisories: RHSA-2012:1263
http://rhn.redhat.com/errata/RHSA-2012-1263.html
RedHat Security Advisories: RHSA-2012:1264
http://rhn.redhat.com/errata/RHSA-2012-1264.html
http://secunia.com/advisories/50635
http://secunia.com/advisories/50636
http://secunia.com/advisories/50718
http://secunia.com/advisories/50859
http://secunia.com/advisories/50946
SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
http://www.ubuntu.com/usn/USN-1542-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3489
BugTraq ID: 55074
http://www.securityfocus.com/bid/55074

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803219
Categoría:	Databases
Título:	PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities - Windows
Resumen:	PostgreSQL is prone to multiple vulnerabilities.
Descripción:	Summary: PostgreSQL is prone to multiple vulnerabilities. Vulnerability Insight: - An error exists within the 'xml_parse()' function when parsing DTD data within XML documents. - An error exists within the 'xslt_process()' when parsing XSLT style sheets. Vulnerability Impact: Successful exploitation will allow attacker to modify data, obtain sensitive information or trigger outbound traffic to arbitrary external hosts. Affected Software/OS: PostgreSQL versions 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 on Windows. Solution: Upgrade to PostgreSQL 8.3.20, 8.4.13, 9.0.9 or 9.1.5 or later. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3488 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html BugTraq ID: 55072 http://www.securityfocus.com/bid/55072 Debian Security Information: DSA-2534 (Google Search) http://www.debian.org/security/2012/dsa-2534 http://www.mandriva.com/security/advisories?name=MDVSA-2012:139 RedHat Security Advisories: RHSA-2012:1263 http://rhn.redhat.com/errata/RHSA-2012-1263.html RedHat Security Advisories: RHSA-2012:1264 http://rhn.redhat.com/errata/RHSA-2012-1264.html http://secunia.com/advisories/50635 http://secunia.com/advisories/50636 http://secunia.com/advisories/50718 http://secunia.com/advisories/50859 http://secunia.com/advisories/50946 SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html http://www.ubuntu.com/usn/USN-1542-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3489 BugTraq ID: 55074 http://www.securityfocus.com/bid/55074
Copyright	Copyright (C) 2013 Greenbone AG