Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:314

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51011

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:314

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:314.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two bugs that can lead to buffer overflows have been found in the
PostgreSQL abstract data type to ASCII conversion routines. A remote
attacker who is able to influence the data passed to the to_ascii functions
may be able to execute arbitrary code in the context of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2003-0901 to these issues.

In addition, a bug that can lead to leaks has been found in the string to
timestamp abstract data type conversion routine. If the input string to
the to_timestamp() routine is shorter than what the template string is
expecting, the routine will run off the end of the input string, resulting
in a leak and unstable behaviour.

Users of PostgreSQL are advised to upgrade to these erratum packages, which
contain a backported patch that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-314.html
http://www.securityfocus.com/bid/8741
http://archives.postgresql.org/pgsql-bugs/2003-09/msg00014.php

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 8741
Common Vulnerability Exposure (CVE) ID: CVE-2003-0901
http://www.securityfocus.com/bid/8741
Conectiva Linux advisory: CLA-2003:784
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000784
Conectiva Linux advisory: CLSA-2003:772
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000772
Debian Security Information: DSA-397 (Google Search)
http://www.debian.org/security/2003/dsa-397
http://www.redhat.com/support/errata/RHSA-2003-313.html
http://www.redhat.com/support/errata/RHSA-2003-314.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51011
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:314
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:314. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two bugs that can lead to buffer overflows have been found in the PostgreSQL abstract data type to ASCII conversion routines. A remote attacker who is able to influence the data passed to the to_ascii functions may be able to execute arbitrary code in the context of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0901 to these issues. In addition, a bug that can lead to leaks has been found in the string to timestamp abstract data type conversion routine. If the input string to the to_timestamp() routine is shorter than what the template string is expecting, the routine will run off the end of the input string, resulting in a leak and unstable behaviour. Users of PostgreSQL are advised to upgrade to these erratum packages, which contain a backported patch that corrects these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-314.html http://www.securityfocus.com/bid/8741 http://archives.postgresql.org/pgsql-bugs/2003-09/msg00014.php Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 8741 Common Vulnerability Exposure (CVE) ID: CVE-2003-0901 http://www.securityfocus.com/bid/8741 Conectiva Linux advisory: CLA-2003:784 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000784 Conectiva Linux advisory: CLSA-2003:772 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000772 Debian Security Information: DSA-397 (Google Search) http://www.debian.org/security/2003/dsa-397 http://www.redhat.com/support/errata/RHSA-2003-313.html http://www.redhat.com/support/errata/RHSA-2003-314.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com