
Test ID: 1.3.6.1.4.1.25623.1.0.54312
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2005-0015 (postgresql)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0015.

From the CVE entry:
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier
may allow attackers to execute arbitrary code via
(1) a large number of variables in a SQL statement being handled by the
read_sql_construct function,
(2) a large number of INTO variables in a SELECT statement being handled
by the make_select_stmt function,
(3) a large number of arbitrary variables in a SELECT statement being
handled by the make_select_stmt function, and
(4) a large number of INTO variables in a FETCH statement being handled
by the make_fetch_stmt function, a different set of vulnerabilities
than CVE-2005-0245.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0247 to this issue.


Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0015

Risk factor : High

CVSS Score: 7.5

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0245
12417
http://www.securityfocus.com/bid/12417
12948
http://secunia.com/advisories/12948
20050210 [USN-79-1] PostgreSQL vulnerabilities
http://marc.info/?l=bugtraq&m=110806034116082&w=2
DSA-683
http://www.debian.org/security/2005/dsa-683
MDKSA-2005:040
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
RHSA-2005:138
http://www.redhat.com/support/errata/RHSA-2005-138.html
RHSA-2005:150
http://www.redhat.com/support/errata/RHSA-2005-150.html
SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
[pgsql-committers] 20050121 pgsql: Prevent overrunning a heap-allocated buffer is more than 1024
http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
[pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
[pgsql-patches] 20050120 Re: WIP: pl/pgsql cleanup
http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
oval:org.mitre.oval:def:10175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175
postgresql-cursor-bo(19188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
Common Vulnerability Exposure (CVE) ID: CVE-2005-0247
GLSA-200502-19
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
SUSE-SA:2005:027
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
oval:org.mitre.oval:def:9345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345
postgresql-fetch-makefetchstmt-bo(19378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
postgresql-makeselectstmt-arbitrary-bo(19377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
postgresql-makeselectstmt-input-bo(19376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
postgresql-readsqlconstruct-bo(19375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.