ID de Prueba:	1.3.6.1.4.1.25623.1.0.100470
Categoría:	Databases
Título:	PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
Resumen:	PostgreSQL is prone to a buffer-overflow vulnerability because the; application fails to perform adequate boundary checks on user-supplied data.
Descripción:	Summary: PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Vulnerability Impact: Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. Affected Software/OS: PostgreSQL version 8.0.x, 8.1.x, 8.3.x is vulnerable. Other versions may also be affected. Solution: Updates are available. Please see the references for more information. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0442 1023510 http://securitytracker.com/id?1023510 37973 http://www.securityfocus.com/bid/37973 39566 http://secunia.com/advisories/39566 39820 http://secunia.com/advisories/39820 39939 http://secunia.com/advisories/39939 ADV-2010-1022 http://www.vupen.com/english/advisories/2010/1022 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html USN-933-1 http://ubuntu.com/usn/usn-933-1 [oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow http://www.openwall.com/lists/oss-security/2010/01/27/5 [pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php [pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html https://bugzilla.redhat.com/show_bug.cgi?id=559194 https://bugzilla.redhat.com/show_bug.cgi?id=559259 oval:org.mitre.oval:def:9720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 postgresql-substring-bo(55902) https://exchange.xforce.ibmcloud.com/vulnerabilities/55902
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.