ID de Prueba:	1.3.6.1.4.1.25623.1.0.57256
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: postgresql, postgresql-server, ja-postgresql
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: postgresql postgresql-server ja-postgresql CVE-2005-0244 PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. CVE-2005-0245 Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247. CVE-2005-0246 The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0244 12417 http://www.securityfocus.com/bid/12417 12948 http://secunia.com/advisories/12948 20050210 [USN-79-1] PostgreSQL vulnerabilities http://marc.info/?l=bugtraq&m=110806034116082&w=2 MDKSA-2005:040 http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 RHSA-2005:138 http://www.redhat.com/support/errata/RHSA-2005-138.html SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html [pgsql-hackers] 20050127 Permissions on aggregate component functions http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php oval:org.mitre.oval:def:10927 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10927 postgresql-security-bypass(19184) https://exchange.xforce.ibmcloud.com/vulnerabilities/19184 Common Vulnerability Exposure (CVE) ID: CVE-2005-0245 DSA-683 http://www.debian.org/security/2005/dsa-683 RHSA-2005:150 http://www.redhat.com/support/errata/RHSA-2005-150.html [pgsql-committers] 20050121 pgsql: Prevent overrunning a heap-allocated buffer is more than 1024 http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser. http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php [pgsql-patches] 20050120 Re: WIP: pl/pgsql cleanup http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php oval:org.mitre.oval:def:10175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175 postgresql-cursor-bo(19188) https://exchange.xforce.ibmcloud.com/vulnerabilities/19188 Common Vulnerability Exposure (CVE) ID: CVE-2005-0246 [pgsql-committers] 20050127 pgsql: Fix security and 64-bit issues in contrib/intagg. http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php oval:org.mitre.oval:def:10148 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10148 postgresql-contribintagg-dos(19185) https://exchange.xforce.ibmcloud.com/vulnerabilities/19185
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.