
Test ID: 1.3.6.1.4.1.25623.1.0.100400
Category: Databases
Title: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Summary: PostgreSQL is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege escalation vulnerability.
Description:
Summary:
PostgreSQL is prone to a security bypass vulnerability because the
application fails to properly validate the domain name in a signed CA certificate, allowing attackers
to substitute malicious SSL certificates for trusted ones.

PostgreSQL is also prone to a local privilege escalation vulnerability.

Vulnerability Impact:
Successfully exploiting this issue allows attackers to perform man-in-the-middle
attacks or impersonate trusted servers, which will aid in further attacks.

Exploiting the privilege escalation vulnerability allows local attackers to gain elevated
privileges.

Affected Software/OS:
PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and
7.4.27 are vulnerable to this issue.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
1023325
http://www.securitytracker.com/id?1023325
20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
http://www.securityfocus.com/archive/1/509917/100/0/threaded
37334
http://www.securityfocus.com/bid/37334
37663
http://secunia.com/advisories/37663
61038
http://osvdb.org/61038
ADV-2009-3519
http://www.vupen.com/english/advisories/2009/3519
FEDORA-2009-13363
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
FEDORA-2009-13381
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
HPSBMU02781
http://marc.info/?l=bugtraq&m=134124585221119&w=2
MDVSA-2009:333
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
SSRT100617
SUSE-SR:2010:001
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
http://www.postgresql.org/docs/current/static/release-7-4-27.html
http://www.postgresql.org/docs/current/static/release-8-0-23.html
http://www.postgresql.org/docs/current/static/release-8-1-19.html
http://www.postgresql.org/docs/current/static/release-8-2-15.html
http://www.postgresql.org/docs/current/static/release-8-3-9.html
http://www.postgresql.org/docs/current/static/release-8-4-2.html
http://www.postgresql.org/support/security.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
1023326
http://www.securitytracker.com/id?1023326
37333
http://www.securityfocus.com/bid/37333
39820
http://secunia.com/advisories/39820
61039
http://osvdb.org/61039
ADV-2010-1197
http://www.vupen.com/english/advisories/2010/1197
RHSA-2010:0427
http://www.redhat.com/support/errata/RHSA-2010-0427.html
RHSA-2010:0428
http://www.redhat.com/support/errata/RHSA-2010-0428.html
RHSA-2010:0429
http://www.redhat.com/support/errata/RHSA-2010-0429.html
https://bugzilla.redhat.com/show_bug.cgi?id=546321
oval:org.mitre.oval:def:9358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
Copyright: Copyright (C) 2009 Greenbone AG


© 1998-2025 E-Soft Inc. All rights reserved.