ID CVE-2009-4136
Summary PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
References
Vulnerable Configurations
  • PostgreSQL PostgreSQL 7.4.1
    cpe:2.3:a:postgresql:postgresql:7.4.1
  • PostgreSQL PostgreSQL 7.4.2
    cpe:2.3:a:postgresql:postgresql:7.4.2
  • PostgreSQL PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL PostgreSQL 7.4.4
    cpe:2.3:a:postgresql:postgresql:7.4.4
  • PostgreSQL PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • PostgreSQL PostgreSQL 7.4.6
    cpe:2.3:a:postgresql:postgresql:7.4.6
  • PostgreSQL PostgreSQL 7.4.7
    cpe:2.3:a:postgresql:postgresql:7.4.7
  • PostgreSQL PostgreSQL 7.4.8
    cpe:2.3:a:postgresql:postgresql:7.4.8
  • PostgreSQL PostgreSQL 7.4.9
    cpe:2.3:a:postgresql:postgresql:7.4.9
  • PostgreSQL PostgreSQL 7.4.10
    cpe:2.3:a:postgresql:postgresql:7.4.10
  • PostgreSQL PostgreSQL 7.4.11
    cpe:2.3:a:postgresql:postgresql:7.4.11
  • PostgreSQL PostgreSQL 7.4.12
    cpe:2.3:a:postgresql:postgresql:7.4.12
  • PostgreSQL PostgreSQL 7.4.13
    cpe:2.3:a:postgresql:postgresql:7.4.13
  • PostgreSQL PostgreSQL 7.4.14
    cpe:2.3:a:postgresql:postgresql:7.4.14
  • PostgreSQL PostgreSQL 7.4.15
    cpe:2.3:a:postgresql:postgresql:7.4.15
  • PostgreSQL PostgreSQL 7.4.16
    cpe:2.3:a:postgresql:postgresql:7.4.16
  • PostgreSQL PostgreSQL 7.4.17
    cpe:2.3:a:postgresql:postgresql:7.4.17
  • PostgreSQL PostgreSQL 7.4.18
    cpe:2.3:a:postgresql:postgresql:7.4.18
  • PostgreSQL PostgreSQL 7.4.19
    cpe:2.3:a:postgresql:postgresql:7.4.19
  • PostgreSQL PostgreSQL 7.4.20
    cpe:2.3:a:postgresql:postgresql:7.4.20
  • PostgreSQL PostgreSQL 7.4.21
    cpe:2.3:a:postgresql:postgresql:7.4.21
  • PostgreSQL PostgreSQL 7.4.22
    cpe:2.3:a:postgresql:postgresql:7.4.22
  • PostgreSQL PostgreSQL 7.4.23
    cpe:2.3:a:postgresql:postgresql:7.4.23
  • PostgreSQL PostgreSQL 7.4.24
    cpe:2.3:a:postgresql:postgresql:7.4.24
  • PostgreSQL PostgreSQL 7.4.25
    cpe:2.3:a:postgresql:postgresql:7.4.25
  • PostgreSQL PostgreSQL 7.4.26
    cpe:2.3:a:postgresql:postgresql:7.4.26
  • cpe:2.3:a:postgresql:postgresql:8.0.0
    cpe:2.3:a:postgresql:postgresql:8.0.0
  • PostgreSQL PostgreSQL 8.0.1
    cpe:2.3:a:postgresql:postgresql:8.0.1
  • PostgreSQL PostgreSQL 8.0.2
    cpe:2.3:a:postgresql:postgresql:8.0.2
  • PostgreSQL PostgreSQL 8.0.3
    cpe:2.3:a:postgresql:postgresql:8.0.3
  • PostgreSQL PostgreSQL 8.0.4
    cpe:2.3:a:postgresql:postgresql:8.0.4
  • PostgreSQL PostgreSQL 8.0.5
    cpe:2.3:a:postgresql:postgresql:8.0.5
  • PostgreSQL PostgreSQL 8.0.6
    cpe:2.3:a:postgresql:postgresql:8.0.6
  • PostgreSQL PostgreSQL 8.0.7
    cpe:2.3:a:postgresql:postgresql:8.0.7
  • PostgreSQL PostgreSQL 8.0.8
    cpe:2.3:a:postgresql:postgresql:8.0.8
  • PostgreSQL PostgreSQL 8.0.9
    cpe:2.3:a:postgresql:postgresql:8.0.9
  • PostgreSQL PostgreSQL 8.0.10
    cpe:2.3:a:postgresql:postgresql:8.0.10
  • PostgreSQL PostgreSQL 8.0.11
    cpe:2.3:a:postgresql:postgresql:8.0.11
  • PostgreSQL PostgreSQL 8.0.12
    cpe:2.3:a:postgresql:postgresql:8.0.12
  • PostgreSQL PostgreSQL 8.0.13
    cpe:2.3:a:postgresql:postgresql:8.0.13
  • PostgreSQL PostgreSQL 8.0.14
    cpe:2.3:a:postgresql:postgresql:8.0.14
  • PostgreSQL PostgreSQL 8.0.15
    cpe:2.3:a:postgresql:postgresql:8.0.15
  • PostgreSQL PostgreSQL 8.0.16
    cpe:2.3:a:postgresql:postgresql:8.0.16
  • PostgreSQL PostgreSQL 8.0.17
    cpe:2.3:a:postgresql:postgresql:8.0.17
  • PostgreSQL PostgreSQL 8.0.18
    cpe:2.3:a:postgresql:postgresql:8.0.18
  • PostgreSQL PostgreSQL 8.0.19
    cpe:2.3:a:postgresql:postgresql:8.0.19
  • PostgreSQL PostgreSQL 8.0.20
    cpe:2.3:a:postgresql:postgresql:8.0.20
  • PostgreSQL PostgreSQL 8.0.21
    cpe:2.3:a:postgresql:postgresql:8.0.21
  • PostgreSQL PostgreSQL 8.0.22
    cpe:2.3:a:postgresql:postgresql:8.0.22
  • PostgreSQL 8.1.0
    cpe:2.3:a:postgresql:postgresql:8.1.0
  • PostgreSQL 8.1.1
    cpe:2.3:a:postgresql:postgresql:8.1.1
  • PostgreSQL 8.1.2
    cpe:2.3:a:postgresql:postgresql:8.1.2
  • PostgreSQL 8.1.3
    cpe:2.3:a:postgresql:postgresql:8.1.3
  • PostgreSQL 8.1.4
    cpe:2.3:a:postgresql:postgresql:8.1.4
  • PostgreSQL 8.1.5
    cpe:2.3:a:postgresql:postgresql:8.1.5
  • PostgreSQL 8.1.6
    cpe:2.3:a:postgresql:postgresql:8.1.6
  • PostgreSQL 8.1.7
    cpe:2.3:a:postgresql:postgresql:8.1.7
  • PostgreSQL 8.1.8
    cpe:2.3:a:postgresql:postgresql:8.1.8
  • PostgreSQL 8.1.9
    cpe:2.3:a:postgresql:postgresql:8.1.9
  • PostgreSQL 8.1.10
    cpe:2.3:a:postgresql:postgresql:8.1.10
  • PostgreSQL 8.1.11
    cpe:2.3:a:postgresql:postgresql:8.1.11
  • PostgreSQL 8.1.12
    cpe:2.3:a:postgresql:postgresql:8.1.12
  • PostgreSQL 8.1.13
    cpe:2.3:a:postgresql:postgresql:8.1.13
  • PostgreSQL 8.1.14
    cpe:2.3:a:postgresql:postgresql:8.1.14
  • PostgreSQL 8.1.15
    cpe:2.3:a:postgresql:postgresql:8.1.15
  • PostgreSQL 8.1.16
    cpe:2.3:a:postgresql:postgresql:8.1.16
  • PostgreSQL 8.1.17
    cpe:2.3:a:postgresql:postgresql:8.1.17
  • PostgreSQL 8.1.18
    cpe:2.3:a:postgresql:postgresql:8.1.18
  • PostgreSQL 8.2
    cpe:2.3:a:postgresql:postgresql:8.2
  • PostgreSQL 8.2.1
    cpe:2.3:a:postgresql:postgresql:8.2.1
  • PostgreSQL 8.2.2
    cpe:2.3:a:postgresql:postgresql:8.2.2
  • PostgreSQL 8.2.3
    cpe:2.3:a:postgresql:postgresql:8.2.3
  • PostgreSQL 8.2.4
    cpe:2.3:a:postgresql:postgresql:8.2.4
  • PostgreSQL 8.2.5
    cpe:2.3:a:postgresql:postgresql:8.2.5
  • PostgreSQL 8.2.6
    cpe:2.3:a:postgresql:postgresql:8.2.6
  • PostgreSQL 8.2.7
    cpe:2.3:a:postgresql:postgresql:8.2.7
  • PostgreSQL 8.2.8
    cpe:2.3:a:postgresql:postgresql:8.2.8
  • PostgreSQL 8.2.9
    cpe:2.3:a:postgresql:postgresql:8.2.9
  • PostgreSQL 8.2.10
    cpe:2.3:a:postgresql:postgresql:8.2.10
  • PostgreSQL 8.2.11
    cpe:2.3:a:postgresql:postgresql:8.2.11
  • PostgreSQL 8.2.12
    cpe:2.3:a:postgresql:postgresql:8.2.12
  • PostgreSQL 8.2.13
    cpe:2.3:a:postgresql:postgresql:8.2.13
  • PostgreSQL 8.2.14
    cpe:2.3:a:postgresql:postgresql:8.2.14
  • PostgreSQL 8.3.1
    cpe:2.3:a:postgresql:postgresql:8.3.1
  • PostgreSQL 8.3.2
    cpe:2.3:a:postgresql:postgresql:8.3.2
  • PostgreSQL 8.3.3
    cpe:2.3:a:postgresql:postgresql:8.3.3
  • PostgreSQL 8.3.4
    cpe:2.3:a:postgresql:postgresql:8.3.4
  • PostgreSQL 8.3.5
    cpe:2.3:a:postgresql:postgresql:8.3.5
  • PostgreSQL 8.3.6
    cpe:2.3:a:postgresql:postgresql:8.3.6
  • PostgreSQL 8.3.7
    cpe:2.3:a:postgresql:postgresql:8.3.7
  • PostgreSQL 8.3.8
    cpe:2.3:a:postgresql:postgresql:8.3.8
  • PostgreSQL 8.4.1
    cpe:2.3:a:postgresql:postgresql:8.4.1
CVSS
Base: 6.5 (as of 16-12-2009 - 10:12)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the 'intarray' module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56626
    published 2011-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56626
    title GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-6767.NASL
    description The following bugs have been fixed : An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. (CVE-2009-4136) Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034) PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 44056
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44056
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12571.NASL
    description The following bugs have been fixed : - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. (CVE-2009-4136) - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034) PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 44050
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44050
    title SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-6768.NASL
    description The following bugs have been fixed : An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. (CVE-2009-4136) Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034) PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 49920
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49920
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POSTGRESQL-100111.NASL
    description The following bugs have been fixed : - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. (CVE-2009-4136) - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034) PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 52689
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52689
    title SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-333.NASL
    description Multiple vulnerabilities were discovered and corrected in postgresql : NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue (CVE-2009-4034). Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136). Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations (CVE-2010-0733). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to these vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 43167
    published 2009-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43167
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2009:333)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POSTGRESQL-100108.NASL
    description The following bugs have been fixed : - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. (CVE-2009-4136) - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034) PostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 44055
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44055
    title SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)
  • NASL family Databases
    NASL id POSTGRESQL_20091214.NASL
    description The version of PostgreSQL installed on the remote host is 7.4 prior to 7.4.27, 8.0 prior to 8.0.23, 8.1 prior to 8.1.19, 8.2 prior to 8.2.15, 8.3 prior to 8.3.9 or 8.4 prior to 8.4.2. As such, it is potentially affected by multiple vulnerabilities : - NULL bytes in SSL Certificates can be used to falsify client or server authentication. (CVE-2009-4034) - Privilege escalation is possible via changing session state in an index function. (CVE-2009-4136)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 63348
    published 2012-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63348
    title PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100519_POSTGRESQL_ON_SL3_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. 
    (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60795
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60795
    title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0427.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
    An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46681
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46681
    title RHEL 3 : postgresql (RHSA-2010:0427)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0429.NASL
    description From Red Hat Security Advisory 2010:0429 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
    An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68044
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68044
    title Oracle Linux 5 : postgresql (ELSA-2010-0429)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0427.NASL
    description From Red Hat Security Advisory 2010:0427 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
    An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68042
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68042
    title Oracle Linux 3 : postgresql (ELSA-2010-0427)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0428.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
    An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46696
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46696
    title CentOS 4 : postgresql (CESA-2010:0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0427.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46695
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46695
    title CentOS 3 : postgresql (CESA-2010:0427)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0428.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46682
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46682
    title RHEL 4 : postgresql (RHSA-2010:0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0429.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46761
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46761
    title CentOS 5 : postgresql (CESA-2010:0429)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0429.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46683
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46683
    title RHEL 5 : postgresql (RHSA-2010:0429)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_POSTGRESQL-100108.NASL
    description An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). postgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44051
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44051
    title openSUSE Security Update : postgresql (postgresql-1773)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_POSTGRESQL-100111.NASL
    description An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). postgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44054
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44054
    title openSUSE Security Update : postgresql (postgresql-1773)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13363.NASL
    description Update to latest upstream point releases. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 43337
    published 2009-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43337
    title Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_POSTGRESQL-100108.NASL
    description An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions (CVE-2009-4136). Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034). postgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44052
    published 2010-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44052
    title openSUSE Security Update : postgresql (postgresql-1773)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0428.NASL
    description From Red Hat Security Advisory 2010:0428 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. 
An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68043
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68043
    title Oracle Linux 4 : postgresql (ELSA-2010-0428)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-876-1.NASL
    description It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034) It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate privileges within PostgreSQL. (CVE-2009-4136). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43622
    published 2010-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43622
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL
    description PostgreSQL project reports : PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43177
    published 2009-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43177
    title FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1964.NASL
    description Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems : It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name (CVE-2009-4034). Authenticated database users could elevate their privileges by creating specially crafted index functions (CVE-2009-4136). The following matrix shows fixed source package versions for the respective distributions. postgresql-7.4: 7.4.27-0etch1 (oldstable/etch); postgresql-8.1: 8.1.19-0etch1 (oldstable/etch); postgresql-8.3: 8.3.9-0lenny1 (stable/lenny), 8.3.9-1 (testing/unstable); postgresql-8.4: 8.4.2-1 (testing/unstable). In addition to these security fixes, the updates contain reliability improvements and fix other defects.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44829
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44829
    title Debian DSA-1964-1 : postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-13381.NASL
    description Update to latest upstream point releases. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 43340
    published 2009-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43340
    title Fedora 12 : postgresql-8.4.2-1.fc12 (2009-13381)
oval via4
accepted 2013-04-29T04:18:56.517-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
family unix
id oval:org.mitre.oval:def:9358
status accepted
submitted 2010-07-09T03:56:16-04:00
title PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2010:0427
  • rhsa
    id RHSA-2010:0428
  • rhsa
    id RHSA-2010:0429
rpms
  • rh-postgresql-0:7.3.21-3
  • rh-postgresql-contrib-0:7.3.21-3
  • rh-postgresql-devel-0:7.3.21-3
  • rh-postgresql-docs-0:7.3.21-3
  • rh-postgresql-jdbc-0:7.3.21-3
  • rh-postgresql-libs-0:7.3.21-3
  • rh-postgresql-pl-0:7.3.21-3
  • rh-postgresql-python-0:7.3.21-3
  • rh-postgresql-server-0:7.3.21-3
  • rh-postgresql-tcl-0:7.3.21-3
  • rh-postgresql-test-0:7.3.21-3
  • postgresql-0:7.4.29-1.el4_8.1
  • postgresql-contrib-0:7.4.29-1.el4_8.1
  • postgresql-devel-0:7.4.29-1.el4_8.1
  • postgresql-docs-0:7.4.29-1.el4_8.1
  • postgresql-jdbc-0:7.4.29-1.el4_8.1
  • postgresql-libs-0:7.4.29-1.el4_8.1
  • postgresql-pl-0:7.4.29-1.el4_8.1
  • postgresql-python-0:7.4.29-1.el4_8.1
  • postgresql-server-0:7.4.29-1.el4_8.1
  • postgresql-tcl-0:7.4.29-1.el4_8.1
  • postgresql-test-0:7.4.29-1.el4_8.1
  • postgresql-0:8.1.21-1.el5_5.1
  • postgresql-contrib-0:8.1.21-1.el5_5.1
  • postgresql-devel-0:8.1.21-1.el5_5.1
  • postgresql-docs-0:8.1.21-1.el5_5.1
  • postgresql-libs-0:8.1.21-1.el5_5.1
  • postgresql-pl-0:8.1.21-1.el5_5.1
  • postgresql-python-0:8.1.21-1.el5_5.1
  • postgresql-server-0:8.1.21-1.el5_5.1
  • postgresql-tcl-0:8.1.21-1.el5_5.1
  • postgresql-test-0:8.1.21-1.el5_5.1
refmap via4
bid 37333
bugtraq 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
confirm
fedora
  • FEDORA-2009-13363
  • FEDORA-2009-13381
hp
  • HPSBMU02781
  • SSRT100617
mandriva MDVSA-2009:333
osvdb 61039
sectrack 1023326
secunia
  • 37663
  • 39820
suse SUSE-SR:2010:001
vupen
  • ADV-2009-3519
  • ADV-2010-1197
statements via4
contributor Mark Cox
lastmodified 2010-05-20
organization Red Hat
statement This issue was addressed in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0427.html This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html
Last major update 22-08-2016 - 22:00
Published 15-12-2009 - 13:30
Last modified 10-10-2018 - 15:48