English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75516 CVE Beschreibungen
und 39786 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.60234
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDVSA-2008:004 (postgresql)
Zusammenfassung:Mandrake Security Advisory MDVSA-2008:004 (postgresql)
Beschreibung:
The remote host is missing an update to postgresql
announced via advisory MDVSA-2008:004.

Index Functions Privilege Escalation (CVE-2007-6600): as a unique
feature, PostgreSQL allows users to create indexes on the results of
user-defined functions, known as expression indexes. This provided
two vulnerabilities to privilege escalation: (1) index functions were
executed as the superuser and not the table owner during VACUUM and
ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were
permitted within index functions.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,
CVE-2007-4769): three separate issues in the regular expression
libraries used by PostgreSQL allowed malicious users to initiate
a denial-of-service by passing certain regular expressions in SQL
queries. First, users could create infinite loops using some specific
regular expressions. Second, certain complex regular expressions
could consume excessive amounts of memory. Third, out-of-range backref
numbers could be used to crash the backend.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions
combined with local trust or ident authentication could be used by
a malicious user to gain superuser privileges. This issue has been
fixed, and does not affect users who have not installed DBLink (an
optional module), or who are using password authentication for local
access. This same problem was addressed in the previous release cycle
(see CVE-2007-3278), but that patch failed to close all forms of
the loophole.

Updated packages fix these issues by upgrading to the latest
maintenance versions of PostgreSQL.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:004

Risk factor : High
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-6600
Bugtraq: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release (Google Search)
http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
Bugtraq: 20080115 rPSA-2008-0016-1 postgresql postgresql-server (Google Search)
http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
Debian Security Information: DSA-1460 (Google Search)
http://www.debian.org/security/2008/dsa-1460
Debian Security Information: DSA-1463 (Google Search)
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://security.gentoo.org/glsa/glsa-200801-15.xml
HPdes Security Advisory: HPSBTU02325
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
HPdes Security Advisory: SSRT080006
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SuSE Security Announcement: SUSE-SA:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
BugTraq ID: 27163
http://www.securityfocus.com/bid/27163
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10493
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359
http://secunia.com/advisories/28376
http://secunia.com/advisories/28438
http://secunia.com/advisories/28445
http://secunia.com/advisories/28437
http://secunia.com/advisories/28454
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28455
http://secunia.com/advisories/28679
http://secunia.com/advisories/28698
http://secunia.com/advisories/29638
XForce ISS Database: postgresql-indexfunctions-priv-escalation(39496)
http://xforce.iss.net/xforce/xfdb/39496
Common Vulnerability Exposure (CVE) ID: CVE-2007-4772
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:059
http://www.redhat.com/support/errata/RHSA-2008-0134.html
RedHat Security Advisories: RHSA-2013:0122
http://rhn.redhat.com/errata/RHSA-2013-0122.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11569
http://www.vupen.com/english/advisories/2008/1744
http://secunia.com/advisories/29070
http://secunia.com/advisories/29248
http://secunia.com/advisories/30535
XForce ISS Database: postgresql-regular-expression-dos(39497)
http://xforce.iss.net/xforce/xfdb/39497
Common Vulnerability Exposure (CVE) ID: CVE-2007-6067
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10235
XForce ISS Database: postgresql-complex-expression-dos(39498)
http://xforce.iss.net/xforce/xfdb/39498
Common Vulnerability Exposure (CVE) ID: CVE-2007-4769
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9804
XForce ISS Database: postgresql-backref-dos(39499)
http://xforce.iss.net/xforce/xfdb/39499
Common Vulnerability Exposure (CVE) ID: CVE-2007-6601
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11127
XForce ISS Database: postgresql-dblink-privilege-escalation(39500)
http://xforce.iss.net/xforce/xfdb/39500
Common Vulnerability Exposure (CVE) ID: CVE-2007-3278
Bugtraq: 20070616 Having Fun With PostgreSQL (Google Search)
http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
Bugtraq: 20070618 Re: Having Fun With PostgreSQL (Google Search)
http://www.securityfocus.com/archive/1/471644/100/0/threaded
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10334
http://osvdb.org/40899
XForce ISS Database: postgresql-dblink-sql-injection(35142)
http://xforce.iss.net/xforce/xfdb/35142
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39786 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.