Test ID: | 1.3.6.1.4.1.25623.1.0.52670 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-118-1 (postgresql) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to postgresql announced via advisory USN-118-1.

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:
postgresql
postgresql-contrib

Details follow:

It was discovered that unprivileged users were allowed to call internal character conversion functions. However, since these functions were not designed to be safe against malicious choices of argument values, this could potentially be exploited to execute arbitrary code with the privileges of the PostgreSQL server (user postgres). (CVE-2005-1409)

Another vulnerability was found in the tsearch2 module of postgresql-contrib. This module declared several functions as internal, although they did not accept any internal argument; this breaks the type safety of internal by allowing users to construct SQL commands that invoke other functions accepting internal arguments. This could eventually be exploited to crash the server, or possibly even execute arbitrary code with the privileges of the PostgreSQL server. (CVE-2005-1410)

These vulnerabilities must also be fixed in all existing databases when upgrading. The post-installation script of the updated package attempts to do this automatically; if the package installs without any error, all existing databases have been updated to be safe against the above vulnerabilities. Should the installation fail, please contact the Ubuntu security team (security@ubuntu.com) immediately.

Solution: The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.5 (for Ubuntu 4.10) and 7.4.7-2ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-118-1

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-1409
13476 http://www.securityfocus.com/bid/13476
ADV-2005-0453 http://www.vupen.com/english/advisories/2005/0453
FLSA-2006:157366 http://www.securityfocus.com/archive/1/426302/30/6680/threaded
RHSA-2005:433 http://www.redhat.com/support/errata/RHSA-2005-433.html
SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html
[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php
http://www.postgresql.org/about/news.315
oval:org.mitre.oval:def:10050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050
oval:org.mitre.oval:def:676 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676

Common Vulnerability Exposure (CVE) ID: CVE-2005-1410
13475 http://www.securityfocus.com/bid/13475
oval:org.mitre.oval:def:1086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086
oval:org.mitre.oval:def:9343 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |