Test Kennung:	1.3.6.1.4.1.25623.1.0.67135
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: postgresql-server
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: postgresql-server CVE-2010-0442 The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an 'overflow.' Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0442 1023510 http://securitytracker.com/id?1023510 37973 http://www.securityfocus.com/bid/37973 39566 http://secunia.com/advisories/39566 39820 http://secunia.com/advisories/39820 39939 http://secunia.com/advisories/39939 ADV-2010-1022 http://www.vupen.com/english/advisories/2010/1022 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html USN-933-1 http://ubuntu.com/usn/usn-933-1 [oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow http://www.openwall.com/lists/oss-security/2010/01/27/5 [pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php [pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html https://bugzilla.redhat.com/show_bug.cgi?id=559194 https://bugzilla.redhat.com/show_bug.cgi?id=559259 oval:org.mitre.oval:def:9720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 postgresql-substring-bo(55902) https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
Copyright	Copyright (C) 2010 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.