Test ID: | 1.3.6.1.4.1.25623.1.0.51210 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2002:301 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2002:301.

Updated PostgreSQL packages are available which correct several minor security vulnerabilities.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1

PostgreSQL is an advanced Object-Relational database management system (DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL version 7.1.3 which has several security vulnerabilities.

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the lpad or rpad functions. CVE-2002-0972

Buffer overflow in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a malformed argument. CVE-2002-1397

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, referred to as a vulnerability 'in handling long datetime input.' CVE-2002-1398

Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. CVE-2002-1400

Buffer overflows in circle_poly, path_encode, and path_add allow attackers to cause a denial of service and possibly execute arbitrary code. Note that these issues have been fixed in our packages and in PostgreSQL CVS, but are not included in PostgreSQL version 7.2.2 or 7.2.3. CVE-2002-1401

Buffer overflows in the TZ and SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. CVE-2002-1402

Note that these vulnerabilities are only critical on open or shared systems because connecting to the database is required before the vulnerabilities can be exploited.

The PostgreSQL Global Development Team has released versions of PostgreSQL that fix these vulnerabilities, and these fixes have been isolated and backported into the updated 7.1.3 packages provided with this errata. All users of Red Hat Linux Advanced Server 2.1 who use PostgreSQL are advised to install these updated packages.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2002-301.html
http://lwn.net/Articles/8445/
http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430
http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821
http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086
http://online.securityfocus.com/archive/1/288334
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288036

Risk factor : High
CVSS Score: 7.5 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0972
Bugtraq: 20020820 @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
http://marc.info/?l=bugtraq&m=102987608300785&w=2
http://www.redhat.com/support/errata/RHSA-2003-001.html
http://secunia.com/advisories/8034

Common Vulnerability Exposure (CVE) ID: CVE-2002-1397
BugTraq ID: 5497
http://www.securityfocus.com/bid/5497
Bugtraq: 20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=102977465204357&w=2
Conectiva Linux advisory: CLA-2002:524
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52
XForce ISS Database: postgresql-cashwords-bo(9891)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9891

Common Vulnerability Exposure (CVE) ID: CVE-2002-1398
Bugtraq: 20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=102978152712430&w=2
Bugtraq: 20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=102996089613404&w=2
Bugtraq: 20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
http://marc.info/?l=bugtraq&m=103021186622725&w=2
Bugtraq: 20020826 GLSA: PostgreSQL
http://marc.info/?l=bugtraq&m=103036987114437&w=2
Debian Security Information: DSA-165
http://www.debian.org/security/2002/dsa-165
SuSE Security Announcement: SuSE-SA:2002:038
http://www.novell.com/linux/security/advisories/2002_038_postgresql.html

Common Vulnerability Exposure (CVE) ID: CVE-2002-1400
Bugtraq: 20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
http://marc.info/?l=bugtraq&m=102987306029821&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2002:062

Common Vulnerability Exposure (CVE) ID: CVE-2002-1401
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php

Common Vulnerability Exposure (CVE) ID: CVE-2002-1402
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |