FreeBSD Local Security Checks : FreeBSD Ports: postgresql

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56268

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: postgresql

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: postgresql

CVE-2005-1409
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain
character conversion functions, which allows unprivileged users to
call those functions with malicious values, with unknown impact, aka
the 'Character conversion vulnerability.'

CVE-2005-1410
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1)
dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5)
syn_init functions as 'internal' even when they do not take an
internal argument, which allows attackers to cause a denial of service
(application crash) and possibly have other impacts via SQL commands
that call other functions that accept internal arguments.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1409
13476
http://www.securityfocus.com/bid/13476
ADV-2005-0453
http://www.vupen.com/english/advisories/2005/0453
FLSA-2006:157366
http://www.securityfocus.com/archive/1/426302/30/6680/threaded
RHSA-2005:433
http://www.redhat.com/support/errata/RHSA-2005-433.html
SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found
http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php
http://www.postgresql.org/about/news.315
oval:org.mitre.oval:def:10050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050
oval:org.mitre.oval:def:676
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676
Common Vulnerability Exposure (CVE) ID: CVE-2005-1410
13475
http://www.securityfocus.com/bid/13475
oval:org.mitre.oval:def:1086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086
oval:org.mitre.oval:def:9343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56268
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: postgresql
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: postgresql CVE-2005-1409 PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the 'Character conversion vulnerability.' CVE-2005-1410 The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as 'internal' even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1409 13476 http://www.securityfocus.com/bid/13476 ADV-2005-0453 http://www.vupen.com/english/advisories/2005/0453 FLSA-2006:157366 http://www.securityfocus.com/archive/1/426302/30/6680/threaded RHSA-2005:433 http://www.redhat.com/support/errata/RHSA-2005-433.html SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html [pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php http://www.postgresql.org/about/news.315 oval:org.mitre.oval:def:10050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050 oval:org.mitre.oval:def:676 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676 Common Vulnerability Exposure (CVE) ID: CVE-2005-1410 13475 http://www.securityfocus.com/bid/13475 oval:org.mitre.oval:def:1086 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086 oval:org.mitre.oval:def:9343 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343
Copyright	Copyright (C) 2008 E-Soft Inc.