 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.120487 |
| Categoría: | Amazon Linux Local Security Checks |
| Título: | Amazon Linux: Security Advisory (ALAS-2012-129) |
| Resumen: | The remote host is missing an update for the 'postgresql8' package(s) announced via the ALAS-2012-129 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'postgresql8' package(s) announced via the ALAS-2012-129 advisory. Vulnerability Insight: It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. (CVE-2012-3488) It was found that the 'xml' data type allowed local files and remote URLs to be read with the privileges of the database server to resolve DTD and entity references in the provided XML. An unprivileged database user could use this flaw to read local files they would otherwise not have access to by issuing a specially-crafted SQL query. Note that the full contents of the files were not returned, but portions could be displayed to the user via error messages. (CVE-2012-3489) Affected Software/OS: 'postgresql8' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3488 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html BugTraq ID: 55072 http://www.securityfocus.com/bid/55072 Debian Security Information: DSA-2534 (Google Search) http://www.debian.org/security/2012/dsa-2534 http://www.mandriva.com/security/advisories?name=MDVSA-2012:139 RedHat Security Advisories: RHSA-2012:1263 http://rhn.redhat.com/errata/RHSA-2012-1263.html RedHat Security Advisories: RHSA-2012:1264 http://rhn.redhat.com/errata/RHSA-2012-1264.html http://secunia.com/advisories/50635 http://secunia.com/advisories/50636 http://secunia.com/advisories/50718 http://secunia.com/advisories/50859 http://secunia.com/advisories/50946 SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html http://www.ubuntu.com/usn/USN-1542-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3489 BugTraq ID: 55074 http://www.securityfocus.com/bid/55074 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |