ID CVE-2012-2655
Summary PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
Vulnerable Configurations
  • PostgreSQL 8.3.11
    cpe:2.3:a:postgresql:postgresql:8.3.11
  • PostgreSQL 8.3.8
    cpe:2.3:a:postgresql:postgresql:8.3.8
  • PostgreSQL 8.3.13
    cpe:2.3:a:postgresql:postgresql:8.3.13
  • PostgreSQL 8.3.6
    cpe:2.3:a:postgresql:postgresql:8.3.6
  • PostgreSQL 8.3.10
    cpe:2.3:a:postgresql:postgresql:8.3.10
  • PostgreSQL 8.3.9
    cpe:2.3:a:postgresql:postgresql:8.3.9
  • PostgreSQL 8.3.7
    cpe:2.3:a:postgresql:postgresql:8.3.7
  • PostgreSQL 8.3.5
    cpe:2.3:a:postgresql:postgresql:8.3.5
  • PostgreSQL 8.3.2
    cpe:2.3:a:postgresql:postgresql:8.3.2
  • PostgreSQL 8.3.1
    cpe:2.3:a:postgresql:postgresql:8.3.1
  • PostgreSQL 8.3.4
    cpe:2.3:a:postgresql:postgresql:8.3.4
  • PostgreSQL 8.3.3
    cpe:2.3:a:postgresql:postgresql:8.3.3
  • PostgreSQL 8.3
    cpe:2.3:a:postgresql:postgresql:8.3
  • PostgreSQL 8.3.12
    cpe:2.3:a:postgresql:postgresql:8.3.12
  • PostgreSQL 8.3.16
    cpe:2.3:a:postgresql:postgresql:8.3.16
  • PostgreSQL 8.3.15
    cpe:2.3:a:postgresql:postgresql:8.3.15
  • PostgreSQL 8.3.14
    cpe:2.3:a:postgresql:postgresql:8.3.14
  • PostgreSQL 8.3.17
    cpe:2.3:a:postgresql:postgresql:8.3.17
  • PostgreSQL 8.3.18
    cpe:2.3:a:postgresql:postgresql:8.3.18
  • PostgreSQL 8.4.5
    cpe:2.3:a:postgresql:postgresql:8.4.5
  • PostgreSQL 8.4.1
    cpe:2.3:a:postgresql:postgresql:8.4.1
  • PostgreSQL 8.4.6
    cpe:2.3:a:postgresql:postgresql:8.4.6
  • PostgreSQL 8.4
    cpe:2.3:a:postgresql:postgresql:8.4
  • PostgreSQL 8.4.2
    cpe:2.3:a:postgresql:postgresql:8.4.2
  • PostgreSQL 8.4.3
    cpe:2.3:a:postgresql:postgresql:8.4.3
  • PostgreSQL 8.4.4
    cpe:2.3:a:postgresql:postgresql:8.4.4
  • PostgreSQL 8.4.7
    cpe:2.3:a:postgresql:postgresql:8.4.7
  • PostgreSQL 8.4.8
    cpe:2.3:a:postgresql:postgresql:8.4.8
  • PostgreSQL 8.4.9
    cpe:2.3:a:postgresql:postgresql:8.4.9
  • PostgreSQL 8.4.10
    cpe:2.3:a:postgresql:postgresql:8.4.10
  • PostgreSQL 8.4.11
    cpe:2.3:a:postgresql:postgresql:8.4.11
  • PostgreSQL 9.0
    cpe:2.3:a:postgresql:postgresql:9.0
  • PostgreSQL 9.0.1
    cpe:2.3:a:postgresql:postgresql:9.0.1
  • PostgreSQL 9.0.2
    cpe:2.3:a:postgresql:postgresql:9.0.2
  • PostgreSQL 9.0.3
    cpe:2.3:a:postgresql:postgresql:9.0.3
  • PostgreSQL 9.0.4
    cpe:2.3:a:postgresql:postgresql:9.0.4
  • PostgreSQL 9.0.5
    cpe:2.3:a:postgresql:postgresql:9.0.5
  • PostgreSQL 9.0.6
    cpe:2.3:a:postgresql:postgresql:9.0.6
  • PostgreSQL 9.0.7
    cpe:2.3:a:postgresql:postgresql:9.0.7
  • PostgreSQL 9.1
    cpe:2.3:a:postgresql:postgresql:9.1
  • PostgreSQL 9.1.1
    cpe:2.3:a:postgresql:postgresql:9.1.1
  • PostgreSQL 9.1.2
    cpe:2.3:a:postgresql:postgresql:9.1.2
  • PostgreSQL 9.1.3
    cpe:2.3:a:postgresql:postgresql:9.1.3
CVSS
Base: 4.0 (as of 19-07-2012 - 11:50)
CWE CWE-399
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-675.NASL
    description This version upgrade of PostgreSQL fixes the following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges are still held. - Improve error messages for Hot Standby misconfiguration errors. - Fix handling of SIGFPE when PL/Perl is in use. - Prevent PL/Perl from crashing if a recursive PL/Perl function is redefined while being executed. - Work around possible misoptimization in PL/Perl. - See also: http://www.postgresql.org/docs/9.0/static/release.html - Security and bugfix release 9.0.9 : - Prevent access to external files/URLs via contrib/xml2 (CVE-2012-3488, bnc#776523). - Prevent access to external files/URLs via XML entity references (CVE-2012-3489, bnc#776524). - Fix incorrect password transformation in contrib/pgcrypto (CVE-2012-2143, bnc#766799). - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069). - See also: http://www.postgresql.org/docs/9.0/static/release.html - Rename postgresql-mkspecfiles to pre_checkin.sh
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74773
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74773
    title openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-24 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could spoof SSL connections. Furthermore, a remote authenticated attacker could cause a Denial of Service, read and write arbitrary files, inject SQL commands into dump scripts, or bypass database restrictions to execute database functions. A context-dependent attacker could more easily obtain access via authentication attempts with an initial substring of the intended password. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62380
    published 2012-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62380
    title GLSA-201209-24 : PostgreSQL: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-8311.NASL
    description PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - This update fixes arbitrary read and write of files via XSL functionality. (CVE-2012-3488) - postgresql: denial of service (stack exhaustion) via specially crafted SQL. (CVE-2012-2655) - crypt_blowfish was mishandling 8 bit characters. (CVE-2011-2483)
    last seen 2019-02-21
    modified 2014-08-16
    plugin id 62545
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62545
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2012-1336-1.NASL
    description PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service (stack exhaustion) via specially crafted SQL. - CVE-2011-2483: crypt_blowfish was mishandling 8 bit characters. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-05-20
    plugin id 83561
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83561
    title SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_POSTGRESQL-120820.NASL
    description This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. (CVE-2012-3489, bnc#776524) - Prevent access to external files/URLs via 'contrib/xml2''s xslt_process(). libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. Disable that through proper use of libxslt's security options. (CVE-2012-3488, bnc#776523). Also, remove xslt_process()'s ability to fetch documents and stylesheets from external files/URLs. - Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function. If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. (CVE-2012-2143) - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler. Applying such attributes to a call handler could crash the server. (CVE-2012-2655) - Allow numeric timezone offsets in timestamp input to be up to 16 hours away from UTC. Some historical time zones have offsets larger than 15 hours, the previous limit. This could result in dumped data values being rejected during reload.
- Fix timestamp conversion to cope when the given time is exactly the last DST transition time for the current timezone. This oversight has been there a long time, but was not noticed previously because most DST-using zones are presumed to have an indefinite sequence of future DST transitions. - Fix text to name and char to name casts to perform string truncation correctly in multibyte encodings. - Fix memory copying bug in to_tsquery(). - Fix slow session startup when pg_attribute is very large. If pg_attribute exceeds one-fourth of shared_buffers, cache rebuilding code that is sometimes needed during session start would trigger the synchronized-scan logic, causing it to take many times longer than normal. The problem was particularly acute if many new sessions were starting at once. - Ensure sequential scans check for query cancel reasonably often. A scan encountering many consecutive pages that contain no live tuples would not respond to interrupts meanwhile. - Show whole-row variables safely when printing views or rules. Corner cases involving ambiguous names (that is, the name could be either a table or column name of the query) were printed in an ambiguous way, risking that the view or rule would be interpreted differently after dump and reload. Avoid the ambiguous case by attaching a no-op cast. - Ensure autovacuum worker processes perform stack depth checking properly. Previously, infinite recursion in a function invoked by auto-ANALYZE could crash worker processes. - Fix logging collector to not lose log coherency under high load. The collector previously could fail to reassemble large messages if it got too busy. - Fix logging collector to ensure it will restart file rotation after receiving SIGHUP. - Fix PL/pgSQL's GET DIAGNOSTICS command when the target is the function's first variable. - Fix several performance problems in pg_dump when the database contains many objects. 
pg_dump could get very slow if the database contained many schemas, or if many objects are in dependency loops, or if there are many owned sequences. - Fix contrib/dblink's dblink_exec() to not leak temporary database connections upon error.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64216
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64216
    title SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1037.NASL
    description Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of the CVE-2012-2143 issue. These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. 
Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59719
    published 2012-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59719
    title CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:1037)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8924.NASL
    description Upstream bug fix + security updates, including the fixes for CVE-2012-2143, CVE-2012-2655 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59539
    published 2012-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59539
    title Fedora 17 : postgresql-9.1.4-1.fc17 (2012-8924)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-650.NASL
    description - Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655) bnc#765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt() function (CVE-2012-2143) bnc#766799 - Prevent access to external files/URLs via 'contrib/xml2''s xslt_process() (CVE-2012-3488) bnc#776523 - Prevent access to external files/URLs via XML entity references (CVE-2012-3489) bnc#776524 - See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release.html /usr/share/doc/packages/postgresql/HISTORY
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74766
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74766
    title openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-092.NASL
    description Multiple vulnerabilities have been discovered and corrected in postgresql : Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated (CVE-2012-2143). Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane). Applying such attributes to a call handler could crash the server (CVE-2012-2655). This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 59518
    published 2012-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59518
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120625_POSTGRESQL_AND_POSTGRESQL84_ON_SL6_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61353
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61353
    title Scientific Linux Security Update : postgresql and postgresql84 on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-667.NASL
    description - Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655) bnc#765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt() function (CVE-2012-2143) bnc#766799 - Prevent access to external files/URLs via 'contrib/xml2''s xslt_process() (CVE-2012-3488) bnc#776523 - Prevent access to external files/URLs via XML entity references (CVE-2012-3489) bnc#776524 - See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release.html /usr/share/doc/packages/postgresql/HISTORY
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74769
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74769
    title openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1288-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8893.NASL
    description Upstream bug fix + security updates, including the fixes for CVE-2012-2143, CVE-2012-2655 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59534
    published 2012-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59534
    title Fedora 16 : postgresql-9.1.4-1.fc16 (2012-8893)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-8915.NASL
    description Upstream bug fix + security updates, including the fixes for CVE-2012-2143, CVE-2012-2655 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59538
    published 2012-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59538
    title Fedora 15 : postgresql-9.0.8-1.fc15 (2012-8915)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2491.NASL
    description Two vulnerabilities were discovered in PostgreSQL, a SQL database server : - CVE-2012-2143 The crypt(text, text) function in the pgcrypto contrib module did not handle certain passwords correctly when producing traditional DES-based hashes. Characters after the first 0x80 byte were ignored. - CVE-2012-2655 SECURITY DEFINER and SET attributes for a call handler of a procedural language could crash the database server. In addition, this update contains reliability and stability fixes from the 8.4.12 upstream release.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59769
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59769
    title Debian DSA-2491-1 : postgresql-8.4 - several vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-94.NASL
    description A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69701
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69701
    title Amazon Linux AMI : postgresql8 (ALAS-2012-94)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1461-1.NASL
    description It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143) It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service. (CVE-2012-2655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59385
    published 2012-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59385
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1461-1)
  • NASL family Databases
    NASL id POSTGRESQL_20120604.NASL
    description The version of PostgreSQL installed on the remote host is 8.3.x prior to 8.3.19, 8.4.x prior to 8.4.12, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.4. As such, it is potentially affected by multiple vulnerabilities : - Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used. (CVE-2012-2143) - SECURITY_DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server. (CVE-2012-2655)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 63353
    published 2012-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63353
    title PostgreSQL 8.3 < 8.3.19 / 8.4 < 8.4.12 / 9.0 < 9.0.8 / 9.1 < 9.1.4 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1037.NASL
    description From Red Hat Security Advisory 2012:1037 : Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of the CVE-2012-2143 issue. These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. 
Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68568
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68568
    title Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2012-1037)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1037.NASL
    description Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of the CVE-2012-2143 issue. These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. 
Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59712
    published 2012-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59712
    title RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1037)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120625_POSTGRESQL_AND_POSTGRESQL84_ON_SL5_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61352
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61352
    title Scientific Linux Security Update : postgresql and postgresql84 on SL5.x i386/x86_64
redhat via4
advisories
bugzilla
id 825995
title CVE-2012-2655 postgresql: Ability of database owners to install procedural languages via CREATE LANGUAGE found unsafe (DoS)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment postgresql84 is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037002
        • comment postgresql84 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430003
      • AND
        • comment postgresql84-contrib is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037004
        • comment postgresql84-contrib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430023
      • AND
        • comment postgresql84-devel is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037008
        • comment postgresql84-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430017
      • AND
        • comment postgresql84-docs is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037012
        • comment postgresql84-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430011
      • AND
        • comment postgresql84-libs is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037020
        • comment postgresql84-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430013
      • AND
        • comment postgresql84-plperl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037014
        • comment postgresql84-plperl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430005
      • AND
        • comment postgresql84-plpython is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037016
        • comment postgresql84-plpython is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430019
      • AND
        • comment postgresql84-pltcl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037010
        • comment postgresql84-pltcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430015
      • AND
        • comment postgresql84-python is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037024
        • comment postgresql84-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430025
      • AND
        • comment postgresql84-server is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037018
        • comment postgresql84-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430007
      • AND
        • comment postgresql84-tcl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037006
        • comment postgresql84-tcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430009
      • AND
        • comment postgresql84-test is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037022
        • comment postgresql84-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430021
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment postgresql is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037030
        • comment postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908006
      • AND
        • comment postgresql-contrib is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037038
        • comment postgresql-contrib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908014
      • AND
        • comment postgresql-devel is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037032
        • comment postgresql-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908010
      • AND
        • comment postgresql-docs is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037036
        • comment postgresql-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908016
      • AND
        • comment postgresql-libs is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037044
        • comment postgresql-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908024
      • AND
        • comment postgresql-plperl is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037046
        • comment postgresql-plperl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908022
      • AND
        • comment postgresql-plpython is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037034
        • comment postgresql-plpython is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908018
      • AND
        • comment postgresql-pltcl is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037048
        • comment postgresql-pltcl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908020
      • AND
        • comment postgresql-server is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037040
        • comment postgresql-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908012
      • AND
        • comment postgresql-test is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037042
        • comment postgresql-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908008
rhsa
id RHSA-2012:1037
released 2012-06-25
severity Moderate
title RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)
rpms
  • postgresql84-0:8.4.12-1.el5_8
  • postgresql84-contrib-0:8.4.12-1.el5_8
  • postgresql84-devel-0:8.4.12-1.el5_8
  • postgresql84-docs-0:8.4.12-1.el5_8
  • postgresql84-libs-0:8.4.12-1.el5_8
  • postgresql84-plperl-0:8.4.12-1.el5_8
  • postgresql84-plpython-0:8.4.12-1.el5_8
  • postgresql84-pltcl-0:8.4.12-1.el5_8
  • postgresql84-python-0:8.4.12-1.el5_8
  • postgresql84-server-0:8.4.12-1.el5_8
  • postgresql84-tcl-0:8.4.12-1.el5_8
  • postgresql84-test-0:8.4.12-1.el5_8
  • postgresql-0:8.4.12-1.el6_2
  • postgresql-contrib-0:8.4.12-1.el6_2
  • postgresql-devel-0:8.4.12-1.el6_2
  • postgresql-docs-0:8.4.12-1.el6_2
  • postgresql-libs-0:8.4.12-1.el6_2
  • postgresql-plperl-0:8.4.12-1.el6_2
  • postgresql-plpython-0:8.4.12-1.el6_2
  • postgresql-pltcl-0:8.4.12-1.el6_2
  • postgresql-server-0:8.4.12-1.el6_2
  • postgresql-test-0:8.4.12-1.el6_2
refmap via4
confirm http://www.postgresql.org/about/news/1398/
debian DSA-2491
fedora
  • FEDORA-2012-8893
  • FEDORA-2012-8915
  • FEDORA-2012-8924
mandriva MDVSA-2012:092
secunia 50718
suse
  • openSUSE-SU-2012:1251
  • openSUSE-SU-2012:1288
  • openSUSE-SU-2012:1299
Last major update 18-04-2013 - 23:22
Published 18-07-2012 - 19:55